Adobe Reader 9

Published: 2008-07-17
Last Updated: 2008-07-17 22:13:00 UTC
by Mari Nichols (Version: 3)
3 comment(s)

One of our readers, Steve, let us know that the Adobe website has Version 9 of Reader available for download.  Be sure to notice that they kindly offer a "Free eBay Desktop" is checked by default and it is a 33.5MB download.

As far as security upgrades, Adobe says the Security enhancements provides new digital signature functionality. The new version also adds support for 256-bit AES encryption.  Other security features include SOAP/WSDL, XSD, Kerberos, W3C XML digital signatures, 256-bit AES, OASIS WS-Security, HTTP/HTTPS, RSA, XML encryption, and ECMAScript for XML (E4X) in the JavaScript interpreter. Reader is also NIST PKI test-suite compliant.

UPDATE  Downloaders Beware:  Tim M. wrote in to let us know that installing Adobe 9 leaves you with an "Acrobat.com" icon on your desktop.  It appears to be a beta version of software based on Adobe AIR and you do not have the option not to install it.  The icon launchs an app for sharing files, etc... on line.  This makes us wonder what kind of security implications arise from your users having online collaboration tools in a Beta distribution?  Included in the download are Adobe Buzzword, web-based online word processing and Adobe ConnectNow meeting facilitator, both allowing workers to share information.  The programs can be manually removed via Control Panel, Add or Remove Programs.

More info here:  http://www.adobe.com/acom/createpdf/?promoid=DAFVV 

UPDATE  2:  One of our readers Rauno let us know that a smaller installer, AdbeRdr90_en_US_Std.exe without these two extra apps, is available from Adobe's FTP website at ftp://ftp.adobe.com/pub/adobe/reader/win/9.x/9.0/enu

Keywords: Adobe Reader 9 Adobe AIR Adobe ConnectNow Adobe Buzzword
3 comment(s)

Microsoft Updates 2 DirectX Bulletins

Published: 2008-07-17
Last Updated: 2008-07-17 18:48:22 UTC
by Mari Nichols (Version: 1)
2 comment(s)

Microsoft has issued a "Security Bulletin Major Revision" involving its DirectX products.  These revisions include the following two previously released bulletins and particularly affect administrative users as the resulting compromise allows the attacker to gain user rights. 

MS08-033   Vulnerabilities in DirectX Could Allow Remote Code Execution (951698) is rated as critical and states that DirectX 9.0 was added as affected software. This vulnerability can be exploited through a specially crafted media file.  http://www.microsoft.com/technet/security/Bulletin/MS08-033.mspx

MS07-064   Vulnerabilities in DirectX Could Allow Remote Code Execution (941568) is also rated critical and has been updated to reflect DirectX 9.0 and 9.0a as affected software.  This vulnerability can be exploited through a specially crafted media file via streaming.  http://www.microsoft.com/technet/security/bulletin/ms07-064.mspx

Yet another opportunity to remind administrators to try not to log in with admin rights unless it is absolutely necessary.  It is much better to use a non-admin profile for routine tasks and surfing.  And yes, it might be more cumbersome, but surely, more secure.

Keywords: DirectX 9
2 comment(s)

Firefox Releases 3.0.1 and fixes 3 security vulnerabilities

Published: 2008-07-17
Last Updated: 2008-07-17 18:43:29 UTC
by Mari Nichols (Version: 1)
0 comment(s)

A security advisory released yesterday by Mozilla fixes the following issues and more:

MFSA 2008-36 Crash with malformed GIF file on Mac OS X. Where a specially crafted GIF file caused the browser to free an uninitialized pointer. This can crash the browser and allow arbitrary code execution on the victim’s computer.
 
MFSA 2008-35 Command-line URLs launch multiple tabs when Firefox not running. Now this one had an easy workaround…. Just always run Firefox! 

MFSA 2008-34 Remote code execution by overflowing CSS reference counter. This vulnerability affects the CSSValue array data structure.
 
In addition to the security fixes, some stability issues, a phishing and malware database issue and and updated Public Suffix list are included in this version.
 
 
Update:  The new version isn't compatible with the SnagIt plugin.

 

Keywords: Firefox vulnerability MAC OS X
0 comment(s)

Comments

cwqwqwq

www

Nov 17th 2022
6 months ago

eweew<a href="https://www.seocheckin.com/edu-sites-list/">mashood</a>

EEW

Nov 17th 2022
6 months ago

WQwqwqwq[url=https://www.seocheckin.com/edu-sites-list/]mashood[/url]

qwq

Nov 17th 2022
6 months ago

dwqqqwqwq mashood

mashood

Nov 17th 2022
6 months ago

[https://isc.sans.edu/diary.html](https://isc.sans.edu/diary.html)

isc.sans.edu

Nov 23rd 2022
6 months ago

[https://isc.sans.edu/diary.html | https://isc.sans.edu/diary.html]

isc.sans.edu

Nov 23rd 2022
6 months ago

What's this all about ..?

isc.sans.edu

Dec 3rd 2022
6 months ago

password reveal .

isc.sans.edu

Dec 3rd 2022
6 months ago

<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure:

<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure. The social networks are not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go.

<a hreaf="https://technolytical.com/">the social network</a> is not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go. The social networks only collect the minimum amount of information required for the service that they provide. Your personal information is kept private, and is never shared with other companies without your permission

isc.sans.edu

Dec 26th 2022
5 months ago

https://thehomestore.com.pk/

isc.sans.edu

Dec 26th 2022
5 months ago

Login here to join the discussion.


Diary Archives