As I reported earlier, the patches for Adobe Acrobat 9.3.2 and Adobe Reader 9.3.2 (Note: There is no such thing as Adobe Acrobat Reader.) are now available for download. When Adobe Reader 9.3.1 came out I wrote an article GPO Deploying Adobe Reader 9.3.1 that documented the process to create an Administration Install Point that allows us to deploy the (then) latest Adobe … [Read more...]
Hidden Easter Eggs in Software and The Security Implications
With Easter yesterday, it got me thinking about Easter Eggs. Are you aware that there could be hidden little gems in the software you use every day? Some applications, video games, DVDs, and others include little intentional tidbits of code that people might randomly stumble into that shows off some cool feature, display the credits, or are part of some inside joke by the … [Read more...]
Exploit PDF Files, Without Vulnerability
A fully patched Adobe Reader and FoxIt Reader are currently capable of launching an executable embedded within a PDF while not making use of any vulnerability. Didier Stevens, a security researcher from Belgium, explained the exploit without publishing how to do it on his blog Monday. The trick doesn't rely on Javascript, which has been the culprit in many of the recent Adobe … [Read more...]
Gmail Helps with your Security Concerns, Pt. 3
Gmail announced via their official blog an update to what was Gmail Helps with your Security Concerns, Pt. 1, which improved your ability to detect if somebody else was accessing your Gmail account. They accomplished this by showing you what IP addresses had recently been active on your account and allowed you to sign out any remote sessions. Well now, they've made things … [Read more...]
An XP Internet Security 2010 Infection Campaign Update
Earlier this month, the computers I'm responsible for were being hit hard by the XP Internet Security 2010 FakeAV that I posted about previously. A few computers each day would get infected. A lot of it was caused by the users veering off to visit non-work-related sites. I was already deploying the latest Java and Adobe Flash through Group Policy to all of my computers but I … [Read more...]