dimland.blogspot.com The recently discovered zero-day attacks targeting critical vulnerabilities in Adobe’s ubiquitous Reader application are able to bypass recently added security defenses unless end users manually make changes to default settings, company officials said. According to an advisory Adobe published Wednesday night , the “protected view” feature prevents the current attacks from working—but only if it’s manually enabled. To turn it on, access Preferences > Security (Enhanced) and then check the “Files from potentially unsafe locations,” or even the “All files” option. Then click OK. There’s also a way for administrators to enable protected view on Windows machines across their organization. The revelation is significant because it means users aren’t protected when using the default version of the widely used document reader. The limitation came to light following the discovery of in-the-wild attacks against current versions of Reader, which are being exploited to surreptitiously install malware on end-user computers. The exploit is also noteworthy because its intricate code base bypasses several additional protections added just four months ago with the goal thwarting malware attacks. Read 6 remaining paragraphs | Comments
Link:
Thanks, Adobe. Protection for critical zero-day exploit not on by default
Aurich Lawson Early on Halloween morning, members of Facebook’s Computer Emergency Response Team received an urgent e-mail from an FBI special agent who regularly briefs them on security matters. The e-mail contained a Facebook link to a PHP script that appeared to give anyone who knew its location unfettered access to the site’s front-end system. It also referenced a suspicious IP address that suggested criminal hackers in Beijing were involved. “Sorry for the early e-mail but I am at the airport about to fly home,” the e-mail started. It was 7:01am. “Based on what I know of the group it could be ugly. Not sure if you can see it anywhere or if it’s even yours.” The e-mail reporting a simulated hack into Facebook’s network. It touched off a major drill designed to test the company’s ability to respond to security crises. Facebook Facebook employees immediately dug into the mysterious code. What they found only heightened suspicions that something was terribly wrong. Facebook procedures require all code posted to the site to be handled by two members of its development team, and yet this script somehow evaded those measures. At 10:45am, the incident received a classification known as “unbreak now,” the Facebook equivalent of the US military’s emergency DEFCON 1 rating. At 11:04am, after identifying the account used to publish the code, the team learned the engineer the account belonged to knew nothing about the script. One minute later, they issued a takedown to remove the code from their servers. Read 31 remaining paragraphs | Comments 
