Friday, August 28, 2009

Migration in Process from Livejournal

This space under construction . . .  I'm in the process of migrating all my Livejournal entries (sadly, sans comments) over to Blogger.  Due to a Google imposed limitation of 50 posts per day -- to prevent abuse -- this will take me at least a week from today.

Once the posts have been successfully moved, I will lock the LJ side and continue my musings about computer security right here on Blogger.

Thanks for your patience while the dust settles!

Thanks to http://linuxlore.blogspot.com for his excellent Blog2Blog application, which is making this chore much more feasible than I first suspected!

Tuesday, August 25, 2009

Texting While Driving PSA

Parental guidance suggested

I personally feel that anyone that uses a cell phone and drives a car should view this. But be warned -- this is a very graphic video. I totally lost it when the little girl asked why her mommy wouldn't wake up.

Your search = malware drive by?

cnet posted an interesting summary from McAfee's SiteAdvisor:

http://news.cnet.com/8301-1009_3-10317029-83.html

Through no fault of her own, actress Jessica Biel is now the most hazardous celebrity on the Internet.

Fans searching online for Biel have a one-in-five chance of hitting a Web site with malware, according to McAfee's third annual report listing Hollywood's most "dangerous" online celebrities.

In general, hunting for Hollywood's in-crowd poses a much greater threat than searching for just about anyone else. For example, President Obama and first lady Michelle Obama ranked No. 34 and No. 39, respectively.


Add to this the fact that searching for things like "free wallpaper" or "free screen savers" can also land you on a compromised site that can infect the majority of machines . . . it's a parasite laden jungle out there.

But by far the worst infections these days still seem to propagate via email. Spammers send links or attachments -- and users still open them!

You -- you know who you are: stop that!


Thursday, August 13, 2009

PDF Users - lock down your 'free' reader

I've not yet figured out just why Adobe's PDF document structure needs JavaScript. It's a document, I read it, act or think on it, then close it! I don't need code handling ability within my document.

Perhaps someone in the know can enlighten me? Anyway . . .

For several weeks now there have been several viruses circulating that take advantage of a now-patched security hole in Adobe's PDF viewers, both the free and paid versions.

Patch your Adobe Reader
The first thing you should do is force a check for updates to your Adobe PDF viewer. Open Adobe Reader (7, 8 or 9) and click the menu item "Help, Check for Updates." Then click the small text saying "List Details."

Compare the left side of the list to the right side. Anything on the left side thats not listed on the right should be checked, and updated -- unless it's a Language Support update, that's optional.

If you are asked to reboot, do so.

Then check again . . . repeat until no new updates appear. At the end of this, you want to check your version and make sure it's at or higher than:

Reader 7: 7.1.3
Reader 8: 8.1.6
Reader 9: 9.1.3

Turn off JavaScript in Adobe Reader
Now that you've patched your Reader, I suggest you turn off the JavaScript feature entirely. You won't miss it . . . and it might help prevent trouble in the future.

Open Adobe Reader again . . .

Click the Edit menu item, select Preferences.

Find and click the entry on the left side for JavaScript, and click to clear the first check box labeled "Enable Acrobat JavaScript."

Be warned that earlier versions of the reader may prompt you to enable JavaScript every time you open a PDF document . . .

Click OK and close the Reader.

Done!

More info about this here: http://www.us-cert.gov/cas/techalerts/TA09-133B.html

Better yet, get rid of that bloated PDF viewer entirely!
Those interested in alternatives can Uninstall Adobe Reader and try the (free for personal use) Foxit Reader 3.0 instead. I recommend you decline the free toolbar they ask you to install, but other than that it's much faster than Adobe's product, and does not currently have the security vulnerabilities.

See http://www.foxitsoftware.com/pdf/reader/