Skip to Content

Submit your nominations for the Luxist Awards' Best in Decor
AOL Tech

security-flaw posts

Filed under: Security, Office, Adobe

Yet another security flaw surfaces in Adobe Reader

by Lee Mathews Apr 28th 2009

It hasn't been the best couple of weeks for Adobe Reader.

First there was the advice from F-Secure's Mikko Hypponen to stop using Reader and switch to an alternative. Now there's word of a new security flaw that is known to affect versions 8.14 and 9.1 for Linux and could also affect other versions of the program on other operating systems.

The exploit takes advantage of the javascript getAnnots() function in Reader and could, as with its predecessor, allow an attacker to remotely execute arbitrary code.

Even the U.S. Department of Homeland Security is on the case. They advise temporarily disabling javascript as an intermediate fix:
"To disable JavaScript in Adobe Reader, open the General Preferences dialog box. From the Edit-Preferences-JavaScript menu, un-check Enable Acrobat JavaScript."
Adobe has acknowledged the problem in a blog post, though it states nothing more than "we know about it, and we'll have an update once we get more information." Security is serious business. Let's hope Adobe jumps to the pump this time and promptly issues a patch.

[via CNet]

Tags: adobe-reader, exploit, security-flaw

Filed under: OS Updates, Security, Windows, Microsoft, Windows x64

Windows 7 's quieter UAC a security risk? Of course it is.

Windowsby Lee Mathews Jan 30th 2009

When Microsoft introduced UAC in Windows Vista, it was pretty much universally slammed for being annoying, intrusive, and unwanted.

So with Windows 7, Microsoft decided to respond to the complaints and ease up on the prompts. Now, there's an uproar because doing this has caused security problems.

The problem: by default, UAC in Windows 7 doesn't notify you if you make changes to Windows settings. Of course, that means that a script that can impersonate you and send keystrokes can make changes and you won't see notifications.

To make things worse, that includes disabling UAC completely. From there, a malicious script could perpetrate all kinds of badness.

In his post, Long Zheng states that the solution could be as simple as forcing a prompt whenever attempts are made to change UAC settings. Also, if you crank up the notifications to always notify, that will solve the problem as well.

Correct me if I'm wrong, but that makes sense, right? I'm not prepared to slam Microsoft over this just yet. Windows 7 is still in Beta, and the changes to UAC were made as a response to outcry from their user base. If you're responsible and keep your machine properly protected, this shouldn't pose a significant risk.

Don't get me wrong - I completely understand the implications and the potential for this to cause trouble. It's just that I don't see this as that big a deal considering the huge number of people still beating the Windows XP drum, and it's even less secure than Windows 7 - even with a "flaw" like this.

Tags: security-flaw, uac, windows-7

Filed under: Security, Windows, Browsers

Microsoft: Internet Explorers 5 through 8 vulnerable to attack

Windowsby Brad Linder Dec 14th 2008


There's a bug in Internet Explorer that allows attackers to execute malicious code on your machine under certain conditions. When Microsoft first acknowledged the vulnerability a few days ago the company was under the impression that only Internet Explorer 7 was affected. But the security advisory has been updated and it's now clear that the flaw affects every version of Internet Explorer from IE 5.01 SP 4 through Internet Explorer 8 Beta 2.

Microsoft recommends enabling a firewall and anti-virus software to minimize your risk, as well as using Protected Mode in IE7 or IE8. We'd add that you could also switch to a browser that doesn't have this vulnerability like Firefox, Google Chrome, Safari, or Opera at least until Microsoft issues a fix.

[via Computer World]

Tags: internet-explorer, security, security-flaw, vulnerability

Featured Time Waster

Graveyard Shift - zombie-busting Time Waster

With Halloween fast approaching, it's a great time to get in some practice defending your territory against zombies. In Graveyard Shift, you take aim at zombies and other creepy-crawlies, blasting them into splatters of cartoony green guts. It's a casual first-person shooter, and it's very easy to get the hang of - use the mouse to aim, click to fire. Graveyard Shift has at least 15 levels, and it might even have some secret stages I haven't unlocked yet. They key to getting good at Graveyard Shift is learning to use ...

View more Time Wasters

Featured Galleries

Defective by Design, London: Protest Pictures
Microsoft Security Essentials
Chromium Pre-Alpha on CrunchBang Linux
Safari 4 Beta
10 Firefox themes that don't suck
IE8 RC1
Download Squad at the Crunchies After-Party
Download Squad at the Crunchies
WordPress 2.7
Cooking Mama: Mama Kills Animals
Windows 7 Hands On
Comodo Internet Security
Android First-look: Amazon.com MP3 Store
Android First-look: Twitroid
Google Reader Android
Android Hands-On
Twine 1.0
Photoshop Express Beta
Mozilla Birthday Cake
Palm stuff
Adobe Lightroom 1.1

 


Follow us on Twitter!

Flickr Pool

www.flickr.com

Most Commented On (7 days)

Recent Comments

More Tech Coverage

AOL Radio

Joystiq

TUAW

Daily Finance

Autoblog

Urlesque

Engadget

WoW

Switched.com

FanHouse