The Digital Rag
Real World Information in a Virtual World
Sign Up!
Login Welcome to The Digital Rag
Wednesday, March 10 2010 @ 03:14 PM PST

The Digital Rag - One of the longest-running webzines on the internet

From Government to Motorcycling to the Internet - news and views

Adobe PDF Compromise - and Parking Ticket Scam

Friday, February 20 2009 @ 09:21 AM PST

Contributed by: Richard Pitt

Newsletter Postings

Adobe's Version 8 and 9 PDF readers - Acrobat and Reader - will be patched March 11 according to my information sources. In th mean time you should watch out!

And hey - when was the last time you got a parking ticket that installed malware on your computer? Just wait!


InforWorld and others are reporting that Adobe Systems PDF readers Acrobat 9 and Reader 9 as well as older versions 8.1.x have a flaw in them that is being actively attacked by the "Bad Uglies" (you know - the guys who want to steal your computer and identity and rule the world)
http://www.infoworld.com/article/09/02/20/Adobe_flaw_heightens_risk_of_encountering_malicious_PDFs_1.html

According to http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090219 the fix is to disable JAVASCRIPT (the language that is used by many web sites to give you "active" content and in this case is also enabled by default in Adobe's readers) as follows:

"Disabling JavaScript is easy. This is how it can be done in Acrobat Reader:
Click: Edit -> Preferences -> JavaScript and uncheck Enable Acrobat JavaScript"
Adobe is promising a fix by March 11 - but in the mean time please apply the above fix (which in my opinion should be done in any case) and watch out for where you get PDF documents from. In general if you get them from reputable places (My Hydro bill comes as a PDF for example) you should be fine - but if you're looking at a web site that might be offering you PDF books or other large documents via PDF you should consider carefully what you're doing.

I always "hover" my mouse over links and look at the info bar at the bottom (of Firefox - you ARE using Firefox aren't you?) to see where the link will take me. If it ends in PDF you know it is a potential target for this exploit.

-----------------

In other news:

The following PHISHING e-mail has been seen (I've received one, and I run my own e-mail service so I know I didn't send it!)
--------------------------
Dear email account owner,


This message is from somewhere email administration center to all email
account owners. We are currently upgrading the email securities of our
database and email account center. We are also conducting a routine check
by deleting all unused accounts to create more space for new accounts.

To prevent your email account from being closed, you will have to update
it below by providing us with the below mentioned so that we can ascertain
that your account is prensently in use.

CONFIRM YOUR EMAIL IDENTITY BELOW

Email Username:....................
Email Password:....................
Date of Birth:.....................
Country or Territory:..............

Warning!!! Account owner that refuses to update his or her account within
Seven days of receiving this warning will lose his or her account
permanently.


Regards,

Admin Team

Thank you for using somewhere email account

-------------------------

 

By now you should know that any such request for personal information, whether by e-mail or phone or snail-mail, unsolicited and unidentified should be either ignored or checked out with INDEPENDENTLY verifiable means.

 

This means that if you get a call or e-mail or postal from someone purporting to be from Revenue Canada, your credit card company you should contact the relevant company/agency using the information published in the phone book or via their (verified) web site.

 

I'll note here that there has been a very interesting "Phishing" attack I've heard of recently:

Car owner finds what looks like a parking ticket on their windshield - with a web site URL where "you can see a picture of your car taken when this ticket was issued to verify it is yours" - the site requires the viewer to download and install a "viewer" program - DON'T!!!!! This is "malware" - bad stuff that infects your computer. No legitimate and reasonably well-versed government agency (or for that matter private company) is going to make you use custom software these days. The worst they do is force you to use a reader for PDFs (see above) and there are open source ones you can use if you don't trust Adobe.

So be safe out there - it's a harsh online (and offline) world

 

richard

 

What's Related

Story Options

Navigation

?

Search


Advanced Search 

Popular tags at this site

What's New

Stories


Comments last 2 days


Trackbacks last 2 days

No new trackbacks

Older Stories

Thursday 18-Feb


Wednesday 17-Feb


Tuesday 16-Feb


Monday 15-Feb


Sunday 14-Feb


Saturday 13-Feb


Friday 12-Feb


Thursday 11-Feb


Wednesday 10-Feb

Ad

RSS Feed

Feed from the Whole Site
Link Me To:
The Latest Pacdat News Postings

Sponsors

Subscribe to: The Digital Rag Newsletters
Pacific Data Capture

Also, See Richard's Main Web Site

  • US Work Visa Advice
  • Hand Crafted Solid Maple Furniture
  • Vacation Bliss - a Villa in Jamaica
  • The Taxman - Cross-border Guru
  • Bannerline Communications

    • Poll

    How Do You Like To Read News About Internet/Computers?

    How do you like to find out news about the internet and computers?

    •  Newspaper
    •  Radio
    •  TV
    •  Web Search
    •  Favourite Web Site(s)
    •  Pod Cast
    •  Video Online
    •  Email List(s)
    •  RSS - Syndication
    •  Word of mouth
    This poll has 0 more questions.
    Results
    Other polls | 3 votes | 0 comments