— the blog of Webguide: an inspiration and toolkit for community groups

Open Source conference in Wellington – January 2010

Even if you are not a FOSS aficionado, this event might well make a good introduction to the genre, and it's a rare enough opportunity to make the connections as an Aussie event comes to NZ. linux.conf.au [Read more →]


December 17, 2009   1 Comment

PDF Reader very unsafe – disable or replace urgently

Most of us open and read PDF attachments or downloads (our banks and government departments produce many documents for download this way) despite the fact that the security of the Adobe Acrobat reader has long been suspect. But now the company has confirmed that it is positively unsafe. Ryan Naraine at ZDNet has the full story: "Adobe confirms PDF zero-day attacks. Disable JavaScript now"

Malicious hackers are exploiting a zero-day (unpatched) vulnerability in Adobe’s ever-present PDF Reader/Acrobat software to hijack data from compromised computers.

According to an advisory from Adobe, the critical vulnerability exists in Adobe Reader and Acrobat 9.2 and earlier versions. It is being exploited in the wild.

The company has activated its security response process but declined to offer any more details until an investigation is complete.

Unfortunately, the company did not provide any mitigation guidance for customers.

The folks at ShadowServer describe the situation as “very bad.”

We did not discover this vulnerability but have received multiple reports of this issue and have examined multiple different copies of malicious PDFs that exploit this issue. This is legit and is very bad.

Here’s what we know so far:

We can tell you that this exploit is in the wild and is actively being used by attackers and has been in the wild since at least December 11, 2009. However, the number of attacks is limited and most likely targeted in nature. Expect the exploit to become more widespread in the next few weeks and unfortunately potentially become fully public within the same timeframe. We are fully aware of all the details related to the exploit but do not plan to publish them for a few reasons:

1. There currently is no patch or update available that completely protects against this exploit.
2. There is little to no detection of these malicious PDF files from most of the major Antivirus vendors.

With that said we can tell you that this vulnerability is actually in a JavaScript function within Adobe Acrobat [Reader] itself. Furthermore the vulnerable JavaScript is obfuscated inside a zlib stream making universal detection and intrusion detection signatures much more difficult.

In the interim, Adobe PDF Reader/Acrobat users are urged to immediately disable JavaScript [as follows]:

Open Acrobat and Click: Edit -> Preferences -> JavaScript and uncheck Enable Acrobat JavaScript

Or, better yet, use an alternative PDF Reader software program.

I use one called Foxit that works perfectly well. It also has a paid version called Foxit Pro that enables me to edit most PDF files except those locked with password protection. Although there's a learning curve, it's very handy.

December 16, 2009   4 Comments
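The quoted ShadowServer note in the PDF post above says the script sits inside a zlib stream, which is why signatures that scan the raw file miss it. The following Python triage sketch is an added example (not code from ZDNet, ShadowServer or this blog): it inflates each stream and reports script-related PDF keywords that only become visible after decompression. The sample input is constructed and is not a complete, valid PDF.

```python
import re
import zlib

# PDF names that indicate embedded script or automatic actions.
KEYWORDS = (b"/JavaScript", b"/JS", b"/OpenAction", b"/AA")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)


def inflate_streams(pdf: bytes):
    """Yield the decompressed body of every stream zlib can inflate."""
    for match in STREAM_RE.finditer(pdf):
        try:
            yield zlib.decompressobj().decompress(match.group(1))
        except zlib.error:
            continue  # not Flate-encoded (or damaged); skip it


def find_keywords(data: bytes) -> set:
    return {k.decode() for k in KEYWORDS if k in data}


def triage(pdf: bytes) -> dict:
    """Compare what a raw byte scan sees with what is inside the streams."""
    raw = find_keywords(pdf)
    inflated = set()
    for body in inflate_streams(pdf):
        inflated |= find_keywords(body)
    return {"raw": sorted(raw), "inflated_only": sorted(inflated - raw)}


def build_sample() -> bytes:
    """Constructed sample: an action dictionary hidden in a Flate stream."""
    inner = b"<< /S /JavaScript /JS (constructed placeholder script) >>"
    packed = zlib.compress(inner)
    return (b"%PDF-1.5\n1 0 obj\n<< /Type /ObjStm /Filter /FlateDecode /Length "
            + str(len(packed)).encode() + b" >>\nstream\n"
            + packed + b"\nendstream\nendobj\n%%EOF\n")


if __name__ == "__main__":
    print(triage(build_sample()))
```

A file that reports keywords under `inflated_only` is not proven malicious, but it does contain script or auto-run actions that a plain string search would never have seen, which is a reason to open it only in a reader with JavaScript disabled.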

Sharing presentations with Slideshare

I've done plenty of presentations to various sizes of audience but the same problem always comes up, apart from the fact that the projector doesn't work about half the time. The other problem is that once you have finished, that's it, end of all that work. Sure, you can hand out slides but if you are using your presentation tool correctly, most of the content is missing from the slides; it's in what you say and how you say it.

Enter Slideshare, a free service for rescuing all that hard work and making it available to others, those who were at the conference but have forgotten just what you said, or fell asleep during it, and especially those who didn't get to the event. [Read more →]

December 7, 2009   No Comments

Browser shortcut gets you there faster

As a dedicated keyboard short-cutter, I look for those items almost as soon as I load up on some new software. I especially like software that lets me decide for myself what shortcut I will use. That way I can use combinations of keystrokes that are easy for me to remember.

Browsers are actually full of all kinds of capabilities that can help us find our way around the web, especially to sites that we visit often. One of the shortcuts I use most often is the address bar shortcut.

The video on how to set it up is here

Do you have any favourites? Drop them into the comments please.

December 1, 2009   No Comments

Ninite programme installer

One of the things that is most likely to keep me using my existing system, apart from the fact that it works perfectly well and does everything I need, is that moving to a new Windows machine is SUCH a pain, and yes, I know Apple makes it easy.

I use many programmes, many of them free, but even so, finding the downloads and installing them all takes a huge amount of time. Wouldn't it be good if we could have just one tool that let you select all the software you usually use and install it in one hit?

Courtesy of How-To Geek, Tadaaahh! Ninite Makes Installing Software Incredibly Simple

Ninite is a cool new service created by two programmers in San Francisco who believe that installing software shouldn’t require work.

It’s simple to use and has a large selection of popular freeware and open source applications. Just pick the apps you want to install, download the Ninite installer, then walk away and do something fun while it does all the work for you. The service installs the software with default settings and says “no” to any extra crapware (like browser toolbars) the installers might try to sneak in. Ninite isn’t even installed on your system, you just use a stand alone executable to begin the install process.

As we see fewer and fewer machines with CD/DVD drives installed and more and more network-centric applications anyway, the day of buying and installing a specific programme on your machine may be going away steadily.

But in the meantime, we could all do with a halfway step that lets the machine do the donkey-work; isn't that why we got them in the first place?

How do you manage your software reinstalls? I tend towards the "swearing about losing the disc, then swearing about losing the product activation code, then swearing about having to set up my preferences again from scratch" model.

And you? Comments are open.

November 3, 2009   No Comments