Adobe Flash Player Clickjacking Vulnerability »

The recently reported clickjacking vulnerability affecting Adobe Flash Player could also allow a hacker to remotely activate a computer’s microphone and webcam (meaning they could see and hear what you were doing).

The Adobe Security Blog is reporting that a Flash Player patch should be available by the end of October and until it is released, they are encouraging users to change their browser’s Flash Player settings by following these steps as a temporary workaround:

1. Access the Flash Player’s Global Privacy Settings panel at the following URL: http://www.adobe.com/support/documentation/en/flashplayer/help/settings_manager02.html
2. Click “Always deny”
3. Click ‘Confirm’

Completing those steps will keep the bad guys from remotely accessing your computer’s webcam and microphone – although I am not sure why that ability was even an option in the first place with Flash Player.  Why would someone, good guy or bad, even need the ability to remotely access and control another person’s microphone?

Since YouTube and other online video sites use Flash to display the videos, users that frequent those types of sites could be particularly vulnerable, I would think.

UPDATE: Adobe has released Flash Player 10.0.12.36 which fixes the potential clickjacking issue that still exists in previous versions.  Adobe’s security bulletin recommends downloading and installing the latest version.  If you cannot download it, you should follow the steps above and they hope to have a patch ready in November.

Autodesk Design Review DWF Viewer Vulnerability »

Secunia is reporting a vulnerability with Autodesk’s Design Review DWF Viewer which can lead to a compromised PC.

The vulnerability stems from a flaw in the ActiveX control including the insecure “SaveAs()” method. If exploited, arbitrary files on the compromised computer can be overwritten.

This vulnerability was originally discovered by “bruiser” from Nine Situations Group and outlined here.  Bruiser tested the vulnerability using Internet Explorer 6 along with Revit Architecture 2009 SP2 and Autodesk Design Review 2009.

DWF is a very popular file format for quickly and easily sending drawing files through email, among other things.  Many CAD users prefer DWF because of its vector based capabilities, small file size and the ability for people to view drawing files without having AutoCad installed.  I previously posted on the benefits of DWF for CAD users.

Internet Security Suites »

Most new computers these days come preloaded with some form of Internet Security, usually McAfee or, *gasp*, Norton.  These are usually in the form of a trial version for up to 15 months with the hopes that, when the trial period is expired you will be so intimidated by the thought of installing a different one that you will just chose to renew.

Granted, it can be a royal pain switching from one Anti-virus / Spyware protection service to another, but sometimes that is exactly what you should do.  If you are not dead-set on continuing to use what was preloaded for you by your PC manufacturer, here are a few other Internet Security Suites that you would do well to at least consider:

• TrustPort – Virtual disk encryption utility and included tools to securely shred your deleted data files.  $55/yr. 1 PC.
• ZoneAlarm – Firewall, privacy controls, anti-virus and parental controls.  $59.95/yr. 3 PCs.
• BitDefender – Lots of tools and power scanners, plus 2 year online data backup.  $79.95/yr. 3 PCs.

Don’t feel that you have to stick with McAffee or Norton just because that is what your PC came loaded with.  You can switch and you might find something better.  All of the products listed above have a fully functional trial so you can test before you buy.

Windows Update Breaks ZoneAlarm »

If you use the combination of Microsoft Windows and ZoneAlarm, the Microsoft Windows update released yesterday (KB951748) will cause a conflict with ZoneAlarm which will prevent users from connecting to the Internet.

The Microsoft update makes changes to the way that your computer handles DNS requests and ZoneAlarm does not recognize those changes and therefore blocks traffic.  Here is a thread on ZoneAlarm’s forum that goes into detail.

Do not completely disable your firewall!  That is never a good idea, especially these days.  Here are some other options:

• Lower your Internet Zone Security setting from “High” to “Medium”.  This will allow you to access the Internet after applying the Microsoft patch.  This is a temporary fix until ZoneAlarm releases an update.
• If you want to turn off ZoneAlarm, make sure you at least enable your Windows Firewall.
• Uninstall ZoneAlarm and install another Firewall from a different software vendor (ie. Norton or McAffee).
• Alternatively, as the Macintosh Camp will gleefully shout, “Get a Mac and stop worrying with updates to Windows every month.”

I shy away from the last option because I like running commonly used software on my computer and playing some pretty cool games .

New Version of gpcode Ransomware »

Kaspersky Lab reports that is has seen a new variant of the gpcode ransomware. Gpcode.ak is an encryptor-virus which uses 1,024 bit encryption to lock down all data on an infected hard drive. The infected machine then shows this popup:

Translation – if you get infected, you are, um… in trouble. Kaspersky has cracked previous variants of this virus in a relatively short period of time. However, this encryption is twice as strong as previous versions, so don’t hold your breath waiting for it to be cracked.

Ransomware is not a new phenomenon, but this one is the worst threat to date. As we have warned before, BE VERY CAREFUL WHEN OPENING E-MAIL ATTACHMENTS. Especially .doc, .txt, .pdf, .xls, .jpg, .png, .cpp, .h. Kaspersky also has some guidelines to follow if you do become infected by gpcode.ak:

Contact Kaspersky Lab using another computer connected to the Internet. DO NOT RESTART or POWER DOWN the potentially infected machine.

Write to Kaspersky at: stopgpcode@kaspersky.com with the following information included in the email:

* Date & Time of infection
* Everything done on the computer in the 5 minutes before the machine was infected, including:
o Programs executed
o Websites visited

Kaspersky will then try to help.

Make sure you have a strong anti-malware program running and that you keep it up-to-date (ie. daily). Do not turn if off because it makes your computer run slow and do not run more than 1 anti-virus program on any one machine.