Adobe PDF Zero Day Warnings : Experts agree

All the Security experts online are talking about The 2 Zero Day Adobe Vulnerabilities:

• F-secure
• Graham Cluely’s Blog
• Sans Internet Storm

As you can see this seems to be one of those Adobe problems we had in the past with Javascript.   They seem to be having a major problem with Javascript vulnerability and the old saying is to just to disable Javascript in PDF’S again.   Adobe is calling this a Potential Adobe Reader issue and is suggesting that the users disable Javascript until this is fixed with a security update.

This is mostly affect the corporate world more than the private sector because of the fact corporate world will use PDF by sending them through emails.   I suggest installing another reader and these are all free.

Be advised the vulnerabilities affects Linux, Windows, and Macintosh systems.  This will most likely mean that even Macintoshes could be used to create even more botnets and will need to disable there Javascript until this issue is fixed or maybe they would like to find another reader themselves.  This also goes for Linux users but I have not heard of anything in the wild yet.

Don’t forget to install some free Anti-virus and Free Firewalls to help protect your system from becoming a botnet.

So it Is April 1, 2009 Now What?

So you survived the April Fools Joke that most people were talking about. Are you more Mindful of what a Virus is and how to best defend against it.  If not let’s go back in the past and talk about some of the necessary Programs:

• If you haven’t already installed a Free Anti Virus, this would be the time to.  Also install a Firewall to better protect you.
• Never install any software from unknown site — This is most important even though they seem harmless enough there are sites that have fake adobe updates or even flash updates that will install Maleware into your system.  So if you have any doubt should visit the main site like Adobe.com to check for updates.
• If something scares you, count to ten –  That is very useful when it comes to scareware sites that like to scare you into buying there fake anti virus software that doesn’t do anything.  I say count to ten because by the time you did you will go looking for information on either that site or that warning and come to the conclusion it was scareware.

Mac Users aren’t Immune, so stop broadcasting “You’re glad you have a MAC”

With the Conficker going on right now, I am seeing more and more Tweets about Mac and

Now I might not know a lot but this type of Smug confidence will be the downfall of the Mac’s in the coming years.  I have to ask do you not expect to get a virus at ALL?    You see when a company like Apple starts to get above a certain degree in the eyes of the hackers.  They will become a target, not a big target but a target.

In one of my post I talk about Mac’s and Botnet, you should really read it.  It talks about why Apple will become the next fail whale.    Some other Articles to Consider are:

• Not A MacCinema Installer — (Pub 3/31/09) (F-secure)
• New Malware Cracks Macs — (Pub 3/28/09) (TrendLab Maleware Blog)
• Yahoo Question about a Mac Virus –  (Pub 3/28/09) (Yahoo Answers)
• Mac malware authors still plugging away — (Pub 3/23/09)  (Sopho’s Blog)

And So I went into Google to see the trends for “Mac Virus” and Here is what I seen:

Reviewing the 3G A600 Cricket Modem

So I got the Modem and wanted to test out the speed being stationary, So I go to my usual site Speedtest.net look at the speed, check below for speed.
As you can see this went fairly well. It does depend on your Cricket Coverage area. So you want to hear all about it.

First thing if you are upgrading from the UM100 Broadband Card, You’ll want to uninstall the Quicklink Software.  To do that you can uninstall it by going to:

Computer > C: Drive > Program Files > Cricket > Quicklink > UNWISE.EXE

(This will uninstall the Quicklink software, I’d suggest after you uninstall it you reboot.)

How does the USB Modem work?

Once you do that you can then insert the A600 Modem into your USB.  The Nice thing about this is the software for the Modem is on the Modem itself, so you don’t loose the CD for the modem.  It currently only supports Windows and MAC OSX operating system but I have seen there is a work around to use the A600 Modem with Linux if your wondering.Once you insert it into the USB you’ll find you have a new Drive.  It will say a Cricket CD Drive with 24 megs used.  You’ll want to run that program on the Cricket CD and that will install the software.

Apple’s Not immune after all

In a recent post from the San Internet Storm Center:

Apple

• APPLE-SA-2009-01-21 QuickTime 7.6: Multiple vulnerabilities all them referencing “arbitrary code execution”. (CVE-2009-0001, CVE-2009-0002, CVE-2009-0003, CVE-2009-0004, CVE-2009-0005,CVE-2009-0006, and CVE-2009-0007)
• APPLE-SA-2009-01-21 QuickTime MPEG-2 Playback Component: arbitrary code execution. (CVE-2009-0008)

Apple has said they will not say yes or no to this report and that they will be investigating this fully. I’ve been saying Apple needs to get it’s head out of the sand. According to Apple these effect both Mac’s and Microsoft so they are a software related vulnerability. Soon or later someone will want to create a botnet and infect Macintosh’s with virus or even a worm just to show apple that they could. In a recent article from PcWorld, They talk about a Trojan called OSX.RSPlug.D. This will just increase the fact that they are going to start targeting a OSX because of the lack security. Apple, Needs to get it together and start patching just as much as Microsoft.

More Information on the downadup Worm

If your working to get rid of this Downadup Worm, F-secure is giving out a free removal tool to help with that task.   According to F-Secure Worm:W32/Downadup.gen description which Talks about how bad this worm is.

Due to companies not updating the MS 08-067 patch, it is the primary way for this worm to get onto a system.

Graham Cluely’s Blog ask a question and got quite a few answers from the users. The results of the poll are 53% believe the hackers are to blame, and 30% think the System Administrators are to blame, and 17% think Microsoft is to blame for this worm.

I have a mix feelings over who is to be blamed for this worm. I think the person who wrote this, did it for a specific reason. We can’t expect any software we use to be 100% safe, even Macintosh are not 100% safe. Microsoft isn’t to be blamed because they tried to patch this as quickly as they could. I know that companies have a hard time keeping up with Microsoft updates, and they really can’t be blamed. I think Hackers are always going to make a virus just because they can. That’s in there nature and we will never be really rid of the virus or worm writers. They are in it for the Money, to boast, to take control of, or steal sensitive information. Windows being the Alpha Dog, people are always going to test the waters because of that.

Facebook Virus strikes again

“Look you were filmed all naked!” read the subject header on one iteration of the virus-spreading message, which is being sent automatically from infected accounts to the “friend” list for that account. Clicking the link usually takes users to a page that looks like YouTube, and a pop-up message advises the user to download a Flash plug-in. The download contains the virus, which replicates by contacting everyone on the victim’s Facebook friend list and advancing the hoax.

[Via Boston Media]

This is a good social engineered attack, they seem to have you download a virus into your system.  I Keep talking about how you need to be careful with emails.  I also suggest that you do a complete Virus scan if you think you’ve been hit with this.  There is only one way to prevent yourself from getting this little facebook virus and that is not to click it. Some other things to consider if you found out this was a virus is to contact the person who sent this to them so they to could do a virus scan on their system.

Windows 7 will sport Direct X 10 Compliance!

The new feature is called WARP10, for “Windows Advanced Rasterization Platform,” and it’s essentially a DX10-compliant, software-only rasterizer that was written by Microsoft; it runs directly on the CPU. In a situation where a DX10 app needs to run but can’t find DX10-compliant hardware, it will run on WARP10, albeit very, very slowly. Ultimately, you can think of WARP10 as a “software DX10 GPU” that will exist as a fallback in Windows.

[via Arstechnica]

Some bloggers are Hyping Windows 7 operating System.

After looking around the blogosphere, I’ve come to the realization that people are starting to get hyped up over Windows 7.   In one blog post from it.toolbox.com:

Windows 7 is due to hit beta and release in 2009, and odds are likely that if the pundits, all of us on the blogosphere and other places like PC World, Cnet, and others all agree that this works the way a computer was supposed to work will help drive sales. What is also interesting is that Microsoft is really pushing to get this puppy out. Along with the bloat are gone the five years of development.

[Via It.Toolbox.com]

I totally agree with what he is saying on the possibility to have an operating system actually do what it is told. Some things people have been looking for in there Searches in regards to Windows Vista are:

• Vista Shutdown Problems
• User Account Control
• Vista SuperFetch
• Vista and Battery Life
• What Microsoft Doesn’t want you to know!!