Adobe Reader Security Issue Found

May 8, 2013 by admin
Filed under Security

Comments Off on Adobe Reader Security Issue Found

McAfee has discovered a vulnerability in Adobe’s Reader program that allows people to track the usage of a PDF file.

“Recently, we detected some unusual PDF samples,” McAfee’s Haifei Li said in a blog post. “After some investigation, we successfully identified that the samples are exploiting an unpatched security issue in every version of Adobe Reader.”

The affected versions of Adobe Reader also include the latest “sandboxed” Reader XI (11.0.2).

McAfee said that the issue is not a “serious problem” because it doesn’t enable code execution, however it does permit the sender to see when and where a PDF file has been opened.

This vulnerability could only be dangerous if hackers exploited it to collect sensitive information such as IP address, internet service provider (ISP), or even the victim’s computing routine to eventually launch an advanced persistent threat (APT).

McAfee said that it is unsure who is exploiting this issue or why, but have found the PDFs to be delivered by an “email tracking service” provider.

The vulnerability works when a specific PDF JavaScript API is called with the first parameter having a UNC-located resource.

“Adobe Reader will access that UNC resource. However, this action is normally blocked and creates a warning dialog,” Li said. “The danger is that if the second parameter is provided with a special value, it changes the API’s behavior. In this situation, if the UNC resource exists, we see the warning dialog.

“However, if the UNC resource does not exist, the warning dialog will not appear even though the TCP traffic has already gone.”

McAfee said that it has reported the issue to Adobe and is waiting for their confirmation and a future patch. Adobe wasn’t immediately available for comment at the time of writing.

“In addition, our analysis suggests that more information could be collected by calling various PDF Javascript APIs. For example, the document’s location on the system could be obtained by calling the Javascript “this.path” value,” Li added.

Source

Tags: Adobe Flash exploit, Adobe Reader, Adobe Reader XI, android, Android 2.2.2, Android Market Place, Android Market Security Tool, Apache License, apps, CA, Cellular, China, code, command-and-control server, CVE-2011-0609, cybercriminals, devices, DroidDream, exploid, Freemont, Google, Hackers, handsets, hardware, IMEI, IMSI, infected devices, International Mobile Equipment Identity, International Mobile Subscriber Identity, malicious code, malware, MCAfee, mobile OS, mobiles, operating systems, owners, patches, phones, projects, rageagainstthecage, Security, security specialists, security tools, servers, SIM cards, SMS, Software, stolen information, Symantec, technology, text messaging, third-party applications, tools, USA, users, vendors, version, Zero Day

Is Apple Really Security Conscious?

March 27, 2013 by admin
Filed under Security

Comments Off on Is Apple Really Security Conscious?

Is Apple proving how clueless it is about security by backing a method of replacing passwords with fingerprint readers?

Just days after a scandal where a South American hospital was staffed by phantom doctors who used silicon fingers of their colleagues to convince administrators’ finger print readers that they were working, Apple has decided that they are the perfect form of security.

Word on the street is that Apple is said to be planning to introduce an iPhone that can be unlocked by the owner’s fingerprint. Speculation about Apple’s plans for fingerprint recognition began last summer when the iPhone maker bought bio-metric security firm AuthenTec for $335 million.

It is believed that the iPhone 5S will have a fingerprint chip under the Home button, to “improve security and usability.” Meanwhile in an engineering journal, two Google security experts outlined plans for an ID ring or smartphone chip that could replace online passwords, which is a lot sexier than fingerprint scanning.

Source

Tags: AP, apple, ASIA, assemblers, colors, components, Computers, Computing, Consumer Electronics, consumers, customers, devices, displays, electronics, FBI, finger Print Reader, Handheld, HD, high-resolution, internet, iOS, ipad, iPad 3, iPhone 4s, iphone 5, Loss Prevention, manufacturing, Mobile, newspapers, October, Online, panels, pixels, police, portable, sales, Security, security analysts, Steve Jobs, suppliers, tablets, technology, Theft, touchscreen, version, Wall Street Journal, web, Wireless

Is Windows 8 In High Demand?

November 7, 2012 by admin
Filed under Computing

Comments Off on Is Windows 8 In High Demand?

Microsoft Corp Chief Executive Steve Ballmer said on Monday demand for the company’s new Windows 8 operating system, that went on sale last Friday, was running at a higher rate than its last release, Windows 7.

“We’re seeing preliminary demand well above where we were with Windows 7, which is gratifying,” Ballmer said at an event launching new Windows phones.

Windows 7 is the best-selling version of Windows so far, selling more than 670 million licenses in three years since release in 2009.

“Over the weekend we saw an incredible response around the globe to Windows 8 and the Microsoft Surface,” said Ballmer, referring to Microsoft’s first own-brand tablet, designed to challenge Apple Inc’s iPad. He did not give out any sales figures.

On Friday, there were moderate lines at Microsoft’s 60 or so stores across the United States for the Surface.

Ballmer was in San Francisco speaking at an event showcasing phones running its new Windows Phone 8 software, which go on sale this weekend.

Microsoft has struggled to make headway in the smartphone market, holding just 3.5 percent of the worldwide market, compared to 68 percent for Google Inc’s Android devices and 17 percent for Apple’s iPhone, according to tech research firm IDC.

The company highlighted how the new phones make use of Microsoft’s SkyDrive cloud service, enabling users to sync and transfer music, documents and photos between PCs, tablets and the Xbox game console. Microsoft added that it now has 120,000 apps in its online store for phones, still far fewer than the number available for iPhone and Android users.

Source…

Tags: analysts, android, apple, apps, Cellular, cloud computing, cloud service, colorful phones, Computers, Computing, consumers, demand, desktops, devices, documents, executives, gadgets, Gaming, Gaming Consoles, global, global marketing, hardware, HTC, IDC, ipad, iPhone, laptops, launch, licenses, marketing, Microsoft, Microsoft Surface, Mobile, Music, music transfer, Nokia, Operating System, OS, PC's, phones, Photos, research, retail, sales figures, samsung, servers, SkyDrive, slim, smartphones, Software, Steve Ballmer, stores, Surface, Sync, tablets, technology, version, Windows, Windows 7, Windows 8, Windows Phones, xbox

Adobe Flash Exploited

March 16, 2011 by admin
Filed under Around The Net

Comments Off on Adobe Flash Exploited

Hackers have found a way to exploit Adobe Flash Player by using a zero-day vulnerability by using Microsoft Excel documents that was confirmed by Adobe yesterday. Adobe representatives that they will not be able to patch Flash until next week. Therefore, if you use Flash you are on your own until next week. Read More….

Tags: Adobe Flash exploit, advantages of using a consultant, android, Android 2.2.2, Android Market Place, Android Market Security Tool, Apache License, apps, best Internet Phone Service, CA, Cellular, Chicago Computer Help Desk, Chicago Computer Services, Chicago Data Center, Chicago Internet Providers, chicago PC Technician, Chicago Telcom Audits, Chicago VoIP, China, cloud computing, Cloud Computing Chicago, code, command-and-control server, computer consultant, Computer Consultants, Computer Help Desk, Computer Install, computer network services, computer programmers, computer Serurity, Computer Services, Computer Technician in Chicago, Computer Technician Outsourcing, CVE-2011-0609, cybercriminals, data centers, Desktop Services, devices, DroidDream, email services, exploid, Freemont, Google, Hackers, handsets, hardware, Help Desk Services, hosted exchange, IMEI, IMSI, infected devices, International Mobile Equipment Identity, International Mobile Subscriber Identity, IT Audits, IT Outsourcing, IT support services, linksys routers, malicious code, malware, managed IT services, Microsoft Excel Exploited, mobile OS, mobiles, Network Design, network management, Network Optimization, Network routers, Network Services, network solutions, network support services, online data backup, operating systems, owners, patches, PC repairs, phones, projects, rageagainstthecage, Routers, Security, security specialists, security tools, Server Management, servers, SIM cards, SMS, Software, stolen information, Symantec, technical support, technology, Telcom Audits, telephone auditing review, text messaging, The Syber Group, third-party applications, tools, USA, users, vendors, version, Virtual Computers, Virtual Machine, Virtualization, VoIP in Illinois, VoIP MPLS, voip office phone systems chicago, Windows Technician, Wireless Internet, Zero Day

Advantages of Using a Consultant

Information Security

Biggest Data Breaches

News

Connect With Us

Join Our Mailing List

Latest News

Request A Quote

Contact Us

Adobe Reader Security Issue Found

Is Apple Really Security Conscious?

Is Windows 8 In High Demand?

Adobe Flash Exploited