Java: Keep It Updated (or Uninstall)

Oracle’s Java platform is becoming an increasingly common infection vector for malware.

This graph says it all:

Java and PDF Exploit Attempts

Microsoft asks, "Have you checked the Java?"

The full article is a bit thick but has some interesting points.  I’ll give you the punch line:  The vulnerabilities that account for the huge spike in Q2 2010 had already been fixed in the most recent version of Java.  In other words, users who stayed up-to-date were safe.

The moral of the story:  Keep your programs updated.  The Java update notification looks like this:

Java Update Notification

Alternative Moral:  If you don’t need Java, uninstall it.

Google Chrome Extension Sync

Google is planning to add the ability to sync extensions to its Chrome browser.  This itself is noteworthy, but it also has interesting implications if you consider the Chrome OS platform.

Support for third party add-ons or extensions is compulsory for any browser competing in today’s market.  The ability to synchronize these plug-ins is simply the next logical step.  Just as it is a boon to have bookmarks synchronized across browsers on different computers, wouldn’t it be convenient for all of the browsers that you use to have the same add-ons installed and enabled?  (Why yes… yes it would.)

The problem of browser data synchronization echoes the challenges faced by anyone who has upgraded to a new computer or tries to use more than one PC.  How do you make sure that you have all of your stuff?  How can you avoid fragmenting your documents and data across multiple computers?  What’s the easiest way to customize your computer so that it’s just the way you like it?

Now consider Chrome OS.  You boot up, log in with your Gmail or Google Apps credentials and you get a browser.  That’s it, just a browser.

But wait…

Bookmark synchronization is built-in.

Google Docs…  File sync done.

Now add extensions sync to the mix.  If extensions are the Chrome OS equivalent of apps, then application sync is in the bag.  Any Chrome OS computers you use would take advantage of your hand-picked extensions, thus giving you consistent functionality.

If Google actually does launch a music service this fall, that’s just one more feature that elevates Chrome OS from a mere novelty to something that’s actually quite compelling.  Simply log on to a Chrome OS computer and you have all of your stuff.  Now THAT’S cloud computing.

Stay Safe in 2010: Uncheck This Box in Adobe Acrobat and Adobe Reader

Keeping your computer free from viruses, malware, and trojans could be as simple as one check box.

Disabling JavaScript in Adobe Acrobat and Adobe Reader

Uncheck "Enable Acrobat JavaScript"

If you’re a trusting soul and just want to take my word for it, open up Adobe Reader (and/or Adobe Acrobat), go to Edit -> Preferences -> JavaScript, and uncheck “Enable Acrobat JavaScript”.

Why?

Experts are saying (and I believe them) that Adobe products such as Acrobat, Adobe Reader, and Flash will be the biggest targets for hackers in 2010.  With Microsoft doing a much better job at security, hackers are turning their attention to poking at the holes in Adobe’s software.  For the hackers, it just makes good sense to reach for this low-hanging fruit.

Over the course of 2009, many warnings were issued concerning vulnerabilities in Adobe’s core PDF creation and viewing products.  The common thread in many of these warnings is that the vulnerabilities exploit the JavaScript functionality in PDF documents.

When I state that JavaScript is the key security hole in “many of these warnings”, I really mean “every single one that I can remember”.  Users who have disabled JavaScript are not at risk.

Adobe’s security chief defends JavaScript in Acrobat.  I have no qualms with JavaScript being available in PDF files, but the simple fact of the matter is that the overwhelming majority of users don’t need it, don’t use it, and wouldn’t even notice if it were turned off.  Instead of choosing to make their product secure by default, Adobe has made their product the number one target for hackers.
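
As an added example (not part of the original post), here is a short Python triage script that flags PDF files carrying JavaScript actions, the feature the warnings above have in common. The key names (/JS, /JavaScript, /OpenAction, /AA, /ObjStm) come from the PDF format, the sample bytes are constructed, and because a raw scan cannot see inside compressed object streams, such files are reported as inconclusive rather than clean.

```python
import re
import sys

# Name keys that indicate script or automatic actions in a PDF.
SCRIPT_KEYS = (b"JS", b"JavaScript")
TRIGGER_KEYS = (b"OpenAction", b"AA")
# Object streams can hold compressed dictionaries that a raw scan cannot see.
OPAQUE_KEYS = (b"ObjStm",)

# A PDF name: "/" followed by characters that are not whitespace or delimiters.
NAME_RE = re.compile(rb"/([^\x00\t\n\f\r ()<>\[\]{}/%]+)")
HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")

# Constructed sample: a fragment whose /JavaScript name is hex-obfuscated.
SAMPLE = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
          b"2 0 obj\n<< /S /J#61vaScript /JS (app.alert(1);) >>\nendobj\n")


def decode_name(raw: bytes) -> bytes:
    """Undo #xx escapes so /J#61vaScript compares equal to /JavaScript."""
    return HEX_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)


def scan_pdf(data: bytes) -> dict:
    """Count script, trigger and object-stream names in raw PDF bytes."""
    counts = {k.decode(): 0 for k in SCRIPT_KEYS + TRIGGER_KEYS + OPAQUE_KEYS}
    for match in NAME_RE.finditer(data):
        name = decode_name(match.group(1)).decode("latin-1")
        if name in counts:
            counts[name] += 1
    return counts


def verdict(counts: dict) -> str:
    """Summarise the counts as a triage label."""
    if counts["JS"] or counts["JavaScript"]:
        return "contains-javascript"
    if counts["ObjStm"]:
        return "inconclusive-object-streams"
    return "no-javascript-found"


if __name__ == "__main__":
    # With no file arguments, nothing is scanned; pass PDF paths to check them.
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            result = scan_pdf(fh.read())
        print(path, verdict(result), result)
```

Binary stream data can contain these byte sequences by chance, so treat a hit as a reason to look closer, not as proof of an exploit.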

UPDATE: Rogue PDFs account for 80% of all exploits [in Q4 of 2009], says researcher