Technical Tidbits™

Posts Tagged ‘adobe’

I am shocked, nay appalled, that I’ve been out doing repairs, maintenance, and just overall visiting with friends and I see that they have NOT updated their JAVA and ADOBE Acrobat or Reader!

It’s not like I don’t have a Weekly Security Digest that tells you to update your Adobe. And it’s not like Java doesn’t pop up with its “Update Available” icon and reminder. But are you updating? NO!

And the two updates are related as there are public exploits available to take advantage of these flaws!

For those of you who are newer to the whole security thing, let me explain what I’m saying to you.

In layman’s terms, a vulnerability is a flaw or hole in a software.

An exploit is a way (method) to use that flaw or hole to gain access to a persons computer.

A public exploit means that a bunch of bad guys posted the way or method (exploit) on a public website where any hacker (bad guy) can see it and use it!

Now, put this all together and if you do not update your Java and Adobe products, you are subject to being a victim to these bad guys who learned how to get into your computer using a method they’ve gotten off a website and using it to access the flaw or hole in your software.

You maybe wondering how they do this?

They are doing it through a specially written (crafted) Adobe PDF. You may download it from a website that you think is legitimate. You might get it in an e-mail. You might even pay for it from a site that’s selling ebooks!

I can hear some of those more advanced readers saying, “WHAT?”

That’s right! Many of these Internet Marketer’s and fly-by-night affiliate marketer’s are using very unsecured sites and web hosts to host their make-on-the-fly websites! It is very easy for someone to hack the site and replace the e-book with a bad one! Think about that!

And if you’re in doubt, and want to see some of the more recent vulnerable (has a hole or flaw) scripts that are out there right now, visit our archive of the most recent Security Digest and view the “Other Vulnerabilities” section! Trust me when I say that this was a very mild week for web applications!

And while you’re looking it over, click the Join Our Mailing List button in the left sidebar toward the top, and sign up for the free month’s trial of the Digest! (There’s other FREE newsletters available there too!)

There is absolutely no reason why you should fall victim to these morons out there! We let you know what you need to do in our Security Digest and we even provide the link to the upgrades, patches, or fixes!

And for those of you who are more technical, or are the guru in your office or family, you’ll find the majority of the information very valuable because we put all the vulnerabilities in one place!

Did I also mention there is a section on current technical recalls?

Sales pitch done.

SIGN UP NOW and Update your JAVA and ADOBE READER NOW!

You can do this yourself!

If you didn’t read anything about the new FTC regulations that Bill Mitchell and I discussed on the BlogTalk radio show, I thought I’d discuss it here and provide you with a  link to more information.

Called: Guides Concerning the Use of Endorsements and Testimonials in Advertising(16 CFR Part 255) the new rule addresses endorsements by consumers, experts, organizations, and celebrities, as well as the disclosure of important connections between advertisers and endorsers.

In short, disclose any monetary gain, or lack thereof, or get fined.

According to the press release on the FTC website:

Under the revised Guides, advertisements that feature a consumer and convey his or her experience with a product or service as typical when that is not the case will be required to clearly disclose the results that consumers can generally expect. In contrast to the 1980 version of the Guides – which allowed advertisers to describe unusual results in a testimonial as long as they included a disclaimer such as “results not typical” – the revised Guides no longer contain this safe harbor.

However, that’s not where it stops either. For the interest of time, I’ve provided the link to the actual CFR guideline text at the end of this article so you can read it further.  And if you’re an Internet marketer of any sort, I suggest you do!

That all being said, too bad the FTC doesn’t go after BIG corporations like Microsft! First of all, the market online. Secondly, they make claims of how wonderful their user experience is. All bull and false advertising!

And what about other major corporations and advertisers? Or is this just aimed at the little guy?

I’m not going to even get started. This about information and not a rant. You read the guidelines, decide for yourself, and feel free to comment here!

Text of the notice (This link requires Adobe Acrobat Reader)

AND HERE’S A TYPICAL EXAMPLE OF WHAT I WAS JUST ASKING!

I went to Adobe to get a copy of the link to get the free reader and this is what I see!

You can download the Free PoS (Piece of Sh#t) McAfee Security Scanner compliments of Adobe. Are they getting compensated for featuring McAfee and including it as an additional download? If so, why isn’t there a disclosure?

And to the folks at Adobe, WTF? Don’t you make ENOUGH profit on the sale of your software - which is HIGHLY overpriced to begin with and excludes small companies like ours from buying it – that you have to pimp McAfee’s miserable software?

UnFEAKING believable!

DISCLAIMER: MICE Training, Technology & Education and Debbie Mahler received no financial gain nor compensation for any information in this blog post. Nor does it represent an endorsement of the FTC and its rules.

Note to Wordpress Plug-in creators: Can we get a plug-in that automatically posts a disclaimer at the end of each blog post? I think we’re going to need one! Let me know when you’ve created it!

US-Cert has just issued a security alert affecting Adobe Reader versions 9.1.1 and earlier & Adobe Acrobat (Standard, Professional, and 3D) versions 9.1.1 and earlier warning about vulnerabilities that exist that allow an attacker to take control of your computer.

The recommended course of action is to disable JavaScript capabilities in both software.

In Acrobat Preferences menu:

• Open the Edit menu.
• Select Preferences.
• Choose JavaScript.
• Un-check Enable Acrobat JavaScript.

Disable the display of PDF documents in the web browser.

To prevent PDF documents from automatically being opened in a web browser, do the following:

• Open Adobe Acrobat Reader.
• Open the Edit menu.
• Choose the Preferences option.
• Choose the Internet section.
• Un-check the Display PDF in browser check box.

Do not open unfamiliar or unexpected PDF documents.

Read the Adobe Security Bulletin with links to update your product(s) – at the end of the bulletin – here:

http://www.adobe.com/support/security/bulletins/apsb09-07.html

---

If you are a user of any Intuit products such as:

• Quickbooks  (US, Canada & UK)
• Quicken (US, Canada & UK)
• TurboTax
• Innovative Merchant Solutions
• ProSeries and ProSeries Express – tax years 2003-2006
• ImpôtRapide (Canada)
• QuickTax (Canada)
• Clearly Bookkeeping (UK)

There is a a potential security vulnerability which involves AnswerWorks software, which is licensed from Vantage and developed on Microsoft’s ActiveX platform. It’s used in the “Help” feature of the affected Intuit products.

You will need to download and install a patch to help protect you!

The patch links are available here:

http://about.intuit.com/support/security/