Craft Security's Blog

Adobe Acrobat bug

craftsecurity — Fri, 20 Feb 2009 10:19:13 +0000

A new bug has been identified in Adobe Acrobat which means that an attacker can run arbitrary code on your PC, and to fall for this all you would have to do is open a specially crafted PDF document.

There is currently no patch for this.

It affects the latest version of Adobe Acrobat (8.x and 9.x)

The best means of avoiding this attack is to not open PDF documents which may be affected. Good advice at any time: be suspicious of email messages from people you do not know and do not open attachments you are not expecting to receive.

http://www.adobe.com/support/security/advisories/apsa09-01.html

How secure is your PC?

craftsecurity — Mon, 16 Feb 2009 08:29:21 +0000

So you have set a strong administrative password on your Vista PC and use a less privileged account for day to day use – great. But this link is a reminder if one were needed that without other controls anybody who has access to your PC can hack into the adminstrator’s account and get full control of your machine.

Change Vista Password From Install DVD

Similar techniques are just as straight forward on other operating systems.

Physical security is important!

This is just one example where if you can get direct access to the hardware other means of compromising your system are opened up.

One essential Internet security test…

craftsecurity — Sat, 14 Feb 2009 20:34:02 +0000

Here’s one test that will give you peace of mind when connecting your PC to the Internet, a must-have tool which will show you whether an attacker can access your machine remotely. Steve Gibson’s ShieldsUP! utility has been used over 80 million times to test whether PCs have open network ports visible to the outside world.

It works by using the servers at Gibson Research Corporation (GRC) to attempt to make a connection to your PC on a range of network ports.

GRC ShieldsUP!

Select the ‘All Service Ports’ option to test the first 1056 port numbers.

If the results show a successful connection on any port number you should consider carefully whether that really should be the case…

Free on-line antivirus scan

craftsecurity — Fri, 13 Feb 2009 19:13:08 +0000

Think your PC may have a virus? You do have antivirus software installed and running with the latest updates don’t you?

Well you may also like to scan your PC with another antivirus product. Several suppliers offer a free online scan. Check out the links below to compare the results.

Kaspersky Online Scanner

Try out the virus scanners – these will identify any potential problems but if any are found you will need to purchase the software to have it removed.