Chad's News

There’s a fairly serious security flaw in the Adobe Reader plugin for Internet Explorer and Mozilla Firefox. It’s exploited via the URL to the PDF file, rather than the file itself. So even if the file is on a trusted site, clicking on a PDF link from an untrusted site or email could trigger the exploit. Internet Explorer version 7.0 does not have this problem, but 6.0 and previous versions are vulnerable. Non-IE users need to be very careful when opening PDF files, or consider disabling the PDF plugin.

Link: http://www.businessweek.com/…
(via Kim Komando)

UPDATE: Version 8 of the Adobe Reader does not have this problem.

Consumer Affairs has listed the top 10 scams of 2006, seven of which have some online aspect. Number 8 is quite insidious.

Link: http://www.consumeraffairs.com/…
(via digg)

Internet Explorer version 7 has officially been released. Major improvements are tabbed browsing and better adherence to standards. That being said, I still prefer Firefox.

http://slashdot.org/…

UPDATE: And true to form, the first IE7 security vulnerability has already been discovered.

UPDATE #2: According to Microsoft, the problem is with Outlook Express and not Internet Explorer.

The BBC recently performed a computer security experiment. They created a virtual Windows XP Home system encased within a highly-protected XP Pro system, thus enabling them to monitor all internet traffic coming in to the XP Home “machine.” Then they connected it to the internet. The first attack occurred within seconds, and there was never a period longer than 15 minutes without an attack of some sort. Note that they didn’t surf or otherwise use the internet; rather, they simply connected the machine to the internet and let it sit idle. This is a good reminder why it’s important to use firewalls and keep Windows updated.

http://news.bbc.co.uk/…
(via slashdot)

Microsoft has released an out-of-cycle security update for Internet Explorer 6. The real problem is that malicious people are hacking legitimate websites and adding pictures that, when viewed, will give them control of your computer. Outlook is also affected, so viewing spam email could do it as well. Run Windows Update.

http://seattlepi.nwsource.com/…

http://www.microsoft.com/…

Just how much information do we give away when browsing? This web site shows it all.

http://www.myipinfo.net/
(via digg)

With the advent of smart phones, we are beginning to see the proliferation of cell phone viruses.

http://money.cnn.com/…

As is typical these days, when Microsoft issues security patches there are near-instantaneous exploits available in the wild. This time, the US Department of Homeland Security is even worried. So if you haven’t updated from the Aug. 9, 2006 patch release, you may want to do so.

http://news.bbc.co.uk/…

I had a friend, back in the pre-email days, who actually got a letter in the mail proposing a 419 scam. It’s amazing how well it works, even after all this time. And it hooks people who should know better.

http://arstechnica.com/…

I’ve discussed rootkits before, but apparently they are getting much more sophisticated and difficult to detect. The best defense against this kind of attack, of course, is to be careful what you run, open, and view. And keeping Windows updated. And using a firewall. Almost makes me want to build a Linux box.

http://arstechnica.com/…

This woman had a very bad experience after she recycled her cell phone prior to the end of the calling plan. It would also be a good idea to wipe the saved numbers and any personal information. I wonder if that can be done all at once via some sort of reset function?

http://www.postgazette.com/…

I’ve written about this before, but I want to emphasize it one last time. Last Tuesday (6/13/2006) Microsoft released its monthly security updates. And exploits were available within a day. This is happening on a consistent basis, and it’s no longer safe to wait before updating Windows. That automatic update feature is looking better and better.

http://www.techworld.com/…