Adobe Reader Update Needed (AGAIN!)
It's become almost a weekly experience to hear that Adobe Reader has a new bug that needs to be dealt with. This week it's another
Javascript Method problem that allows remote users to execute restricted functions on your computer and take it over. We are
hearing reports of this vulnerability being actively exploited
You should immediately update your Adobe Reader software to version 8.12 Security Update 1
Mozilla Firefox Vulnerability
The Mozilla Firefox browser has a new vulnerability that will allow a remote user to execute arbitrary code on a target computer.
No solution was available as of this posting.
If you are running Mozilla Firefox at home you should have automatic updates turned on. If you don't you should check
regularly for patches and apply them as soon as they are available..
DNS Trojan Hacks Home Routers
We've had reports this week of a new trojan that hacks into home wireless routers and changes their DNS settings. DNS is like
an address book that tells the router where to look for the actual Internet Protocol (IP) address when you type in a URL (like
www.amazon.com). If the bad guys mess with your DNS settings they can tell your router to connect you up to their servers instead
of the legitimate servers you are looking for. So when you type www.amazon.com you are directed to a hacker's server that may
look exactly like amazon.com but in fact is attacking your computer as soon as you connect.
The new trojan also indirectly infects any computer that is connected to the wireless router. Home wireless routers are often easy
prey for hackers because home users don't know how or care to lock them down. Of course no one reading this newsletter would ever
have an insecure wireless router...
Make sure your antivirus is up to date and if you are running a wireless network at home, check out our 'Wireless Network
Security Guidelines' (link in the left pane), and make sure your router is secured.
Voice Over IP (VOIP) Phone Vulnerabilities
Avaya, Cisco and Nortel VOIP phones have new found vulnerabilities that would allow remote code execution, unauthorized access,
denial of service, or information harvesting. The vulnerabilities affect voice servers (VOIP PBXes) and softphone software that
runs on laptops or desktops.
If you use any of these types of VOIP phones, you should look for patches to be made available soon by the vendors.
Internet Travel Scam
This scam involves a website called Tickets2cheap.com boasting the lowest airfares in the world, believed to be run out of South
Africa. The company asks for payment through cash remittance agencies. When the money is received the fraudsters use stolen
credit cards to purchase the tickets. Often those credit cards have been cancelled by the time the traveller is ready to travel
and the tickets are no longer valid.
We do not recommend sending cash or using cash remittance agencies unless you have done a very thorough check of the veracity and
legitimacy of any company you do business with.
MAC OS X Vulnerabilties
In the last week or so we have seen several reports of new trojan vulnerabilities aimed at the MAC OS X operating system. Apple
maintains that these are not a real problem yet, but we are seeing reports of their being actively exploited.
If you are running MAC OS X at home, make sure your antivirus is up to date and watch for any new updates from Apple -
apply them as soon as they are available.
Apple Safari for Windows Fix
Microsoft and Apple argued over who was at fault for awhile, but now Apple has released a fix for a security issue in their
Safari browser for Windows.
If you use the Safari browser for Windows you should update it to version 3.1.2 as soon as possible.
