February 21, 2009

Adobe 0-day being exploited

Multiple reports are circulating on the Internet of attacks actively exploiting an unpatched (0-day) vulnerability in Adobe products. It affects just about all recent versions of Acrobat Reader and Adobe Acrobat, including v7, v8, and v9, and the issue appears to be a buffer overflow in the PDF JavaScript processor. JavaScript is allowed and enabled by default. The remediation/workaround is to disable the JavaScript functionality in the Adobe products.

Additional reports suggest that this exploit may have been around as long ago as December 2008.

Adobe has released a bulletin and reports that it will have a patch released around March 11. I would recommend applying the workaround of disabling JavaScript until the patch is released.

Remediation:
* Change Registry value "bEnableJS" to "0":
HKCU\Software\Adobe\Acrobat Reader\8.0\JSPrefs
HKCU\Software\Adobe\Adobe Reader\8.0\JSPrefs
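
One way to apply this workaround from PowerShell and record what each key held beforehand, as an added example that is not part of the original post. It uses the two product key names listed above; walking every version subkey rather than only 8.0, and writing the value as a DWORD, are assumptions. Because the keys live under HKCU, it has to run in each user's own session (for example from a logon script).

```powershell
# Added example: set bEnableJS = 0 for the current user (HKCU is per-user).
# Product key names are the two listed in the post. Walking every version
# subkey instead of only 8.0 assumes other versions share the same layout.
$productKeys = @(
    'HKCU:\Software\Adobe\Acrobat Reader',
    'HKCU:\Software\Adobe\Adobe Reader'
)

$report = foreach ($product in $productKeys) {
    if (-not (Test-Path -Path $product)) { continue }

    Get-ChildItem -Path $product |
        Where-Object { $_.PSChildName -match '^\d+\.\d+$' } |
        ForEach-Object {
            $jsPrefs = Join-Path (Join-Path $product $_.PSChildName) 'JSPrefs'

            # Record the prior state; $null means the value was never written,
            # which per the post means JavaScript is on by default.
            $before = $null
            if (Test-Path -Path $jsPrefs) {
                $before = (Get-ItemProperty -Path $jsPrefs -Name bEnableJS -ErrorAction SilentlyContinue).bEnableJS
            } else {
                New-Item -Path $jsPrefs -Force | Out-Null
            }

            # -Force overwrites an existing value; DWord is the assumed value type.
            New-ItemProperty -Path $jsPrefs -Name bEnableJS -PropertyType DWord -Value 0 -Force | Out-Null

            $after = (Get-ItemProperty -Path $jsPrefs -Name bEnableJS).bEnableJS
            [pscustomobject]@{
                Key      = $jsPrefs
                Before   = if ($null -eq $before) { '(unset, default on)' } else { $before }
                After    = $after
                Disabled = ($after -eq 0)
            }
        }
}

if (-not $report) {
    Write-Output 'No Adobe Reader/Acrobat version keys found for this user.'
} else {
    $report | Format-Table -AutoSize
    # Non-zero exit lets a deployment tool flag users where the change did not stick.
    if ($report | Where-Object { -not $_.Disabled }) { exit 1 }
}
```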

February 12, 2009

APWG Phishing Education Landing Page

The Anti-Phishing Working Group (APWG) and Carnegie Mellon CyLab are asking that instead of disabling phishing sites you redirect the users to their Phishing Education Landing Page. I think this is a great way to educate your users about phishing. The more they know about how phishing works, the better they can protect themselves.

Here's how the program works: when a phishing site is shut down by officials (e.g. ISP, registrar, Web hosting company), we ask if the official would redirect the URL of the phishing site to an education landing page.

For more information about this program see http://education.apwg.org/r/how_to.html