Monday, April 19th, 2010
Identity thieves are now using the “/launch” command feature in Adobe Reader to launch malicious attacks. It is the same “feature” that’s been in the news in recent weeks.
When the PDF is opened In Adobe Reader with JavaScript enabled, a dialog box is displayed asking the user to “Specify a file to extract to”.
This could be somewhat confusing to users, and not really knowing what is happening, they may just click save (It appears as if they are just saving a PDF file after all). Adobe is considering a patch to change the behavior of the software. In the meantime, the company is suggesting that users configure its PDF Reader product to limit the damage from an attack.
Here are the instructions for mitigating a potential attack:
Users can also turn off this functionality in the Adobe Reader and Adobe Acrobat Preferences by selecting > Edit > Preferences > Categories > Trust Manager > PDF File Attachments and clearing (unchecking) the box “Allow opening of non-PDF file attachments with external applications”
Thursday, August 13th, 2009
Confidential!
As a smart business owner you have locks on all of the entryways into your office, you have surveillance cameras or security alarms in place, and your network security is bulletproof (especially if you’re one of OUR clients). But another often overlooked security breach happens right on your own staff’s desks. If you get a lot of in-office traffic, this could be one of the largest risks in your security plan. Here are four things you should avoid to keep your confidential information out of prying eyes:
- Writing passwords on sticky notes -This is probably one of the biggest offenses — passwords and key system information written on notes and stuck on computer monitors. Anyone in the office after hours can access confidential files, steal information, and use it to compromise an account. But if you just hate remembering all those passwords, then install the password management tool from roboform.com.
- Storing credit card orders or contracts in paper folders – Not only does this expose you to having this information stolen, you could end up getting a lot of bad press if your customers’ credit cards get stolen thanks to a security breach in your office. The safest bet is to scan, encrypt and store such documents electronically, and then shred the originals. Companies like Iron Mountain will store them for you off-site, but scanning and storing them electronically is a much more cost-effective means for not only keeping them, but accessing them later on.
- Leaving sensitive documents on the desk – Many times detailed client contracts with billing terms or other critical data are left out overnight. The information might be used for ill-gotten gains by cleaning staff or staff in the office. What an embarrassing situation this could cause! Make sure you lock your office at night or when you’re going to be away for any length of time.
- Forgetting the printer – Most offices have printed documents sitting around all day and sometimes overnight before the owner picks them up. There are also sensitive documents that are forgotten and left to pile up. After your employees finish with printing jobs, they need to be mindful of any documents that were printed, even the ones that aren’t needed, and dispose of them appropriately.
Vist BSSI’s Computer Support website.
