Adobe PDF Vulnerability Bigger Than First Thought

A security risk in the Adobe Acrobat reader, first thought to have only exposed web-related data by malicious sites links to PDF files online, can now be exploited locally. This would give the attacker the full range of options, read files, delete files, execute programs, send the contents to the attacker, so they could do lots of harm to unsuspecting users.

Initially, security professionals thought that the problem was restricted and exposed only Web-related data or could support phishing scams. Now it has been discovered that miscreants could exploit the problem to access all information on a victim’s hard disk drive, said Web security specialists at WhiteHat Security and SPI Dynamics.

“This means any JavaScript can access the user’s local machine,” Billy Hoffman, lead engineer at SPI Dynamics, said in an e-mailed statement. “Depending on the browser, this means the JavaScript can read the user’s files, delete them, execute programs, send the contents to the attacker, et cetera. This is much worse than an attack in the remote zone.” Source:

Adobe says that Flash Player and Reader, and modern browsers should block this, but have not verified this for sure, as of yet. Adobe says the best option, until they release updates to fix the older versions, is for users to upgrade to version 8 of adobe Reader, by clicking here.

1 comment - What do you think?  Posted by Jimmy Daniels - January 5, 2007 at 8:39 pm

Categories: Browsers, Security   Tags:

Firefox Security & Stability Update Version

For all of you still running Firefox 1.5, they have released a security and stability update, version, that you should update to. Buy why not just go ahead and get Firefox 2.0?

As part of Mozilla Corporation?s ongoing stability and security update process, Firefox is now available for Windows, Mac, and Linux for free download from ( We strongly recommend that all Firefox 1.5.x users upgrade to this latest release. This update is available immediately in 37 languages including German, French, Spanish, Japanese, Simplified and Traditional Chinese, Korean, and more.

Note: Firefox 1.5.0.x will be maintained with security and stability updates until April 24, 2007. All users are strongly encouraged to upgrade to Firefox 2 ( Source: Mozilla Developer Center

Release notes are available here.

Download it from here.

If you don’t want to go ahead and get it, you should receive an automated update notification with 48 hours.

Be the first to comment - What do you think?  Posted by Jimmy Daniels - November 8, 2006 at 6:58 pm

Categories: Browsers, Firefox, Security   Tags:

Browser Roundup

The folks over at Read/Write Web just posted an article, Web Browser Face-off, comparing web browsers, including the recent upgrades, IE7 and Firefox 2.0. It’s more of a “roundup” than a face-off, this is not a big review of each browser, just a comparison of their pros and cons. They look at [tag]IE7[/tag], Firefox 2.0, [tag]Safari[/tag], [tag]Opera[/tag], [tag]Flock[/tag] and [tag]Maxthon[/tag]. Anyway, if a good quick comparison of web browsers with no one picked as a winner is what you are looking for, read on.

The last few weeks have been packed with browser action and the two market leaders, Internet Explorer and Firefox, have launched major new versions. So to round out our recent browser coverage, we present the Web Browser Face-off – looking at how all the main browsers compare with each other in terms of features and innovation. We are basically looking for what is unique, interesting – and missing – in each browser.

Right now Microsoft still holds onto its huge market lead, but Firefox is gaining more ground every month. Probably more importantly, there are other major innovators in the browser space – such as the social browser Flock (a Read/WriteWeb sponsor) and the perennial innovator Opera. The Mac browser Safari of course has many passionate supporters, while new kid Maxthon is one to watch.

Regardless of who will prevail in the ‘browser 2.0 wars’, the users will win. While fighting each other, the browser makers innovate and simplify. They increase our productivity by integrating into the browser web concepts such as search, RSS, OPML, micro formats and more. The core browsers are getting slimmer and faster, while extensions that cover a wide range of services are being developed by external parties. Source: Read/Write Web

Over on PCWorld, they compare IE7 to Firefox 2.0 and come up with a winner, even if their reasoning is because one was first to the table with some of it’s offerings.

Firefox is a global, open-source project, so development has been very swift when compared to Microsoft’s closed-source development of Internet Explorer. We’ve had to wait a very long time between IE6 and IE7, so most users are installing IE7 with high expectations. The good news is that both browsers have seen some significant enhancements in three key areas: user experience, security and web standards. The bad news is that one browser still has better features and standards support than the other.

The better browser is Firefox 2 for two reasons: innovation and ease of use.

Both browsers are loaded with modern productivity features, but while Microsoft is just introducing these features to its browser, Firefox has already had them long enough to refine them, enhance them and make them even easier to use. While Microsoft has added an integrated search box to IE7, Firefox has added auto-suggest query completion and advanced search engine management to its own familiar search box. IE7 can now handle RSS feeds, but Firefox has several options for adding feeds within the browser, a client or your web service of choice. Source: PCWorld

I’m currently using both browsers and like both equally, but I am used to using the big blue E, so my time is mostly one sided, I need to remember to use Firefox. So, i guess I lean more towards IE7 by default, just as some of these people lean towards Firefox. They are both better browsers so you really can’t go wrong.

Be the first to comment - What do you think?  Posted by Jimmy Daniels - October 26, 2006 at 3:54 pm

Categories: Browsers, Firefox, IE7   Tags: , , , , ,

Firefox 2.0 Hits the FTP Server

They noticed over at Ars Technica that there was a brand new directory on the Mozilla Foundation’s FTP servers that looked like it contains the new Firefox 2.0. The latest version offers many new features and enhancements, including, Visual Refresh, which is Firefox 2′s theme and user interface, built-in phishing protection that warns users when they encounter suspected Web forgeries, enhanced search capabilities, improved tabbed browsing, being able to resume your browser session, and everything you were doing before the crash, previewing and subscribing to Web feeds, inline spell checking, Live Titles, an improved Add-ons manager, JavaScript 1.7 support, extended search plugin formats, the extension system has been updated to provide enhanced security and to allow for easier localization of extensions, client-side session and persistent storage, support for the svg:textpath specification, and a new Windows installer.

Ars contacted Firefox to find out if version 2.0 had been released a day ahead of schedule. We were told that “Mozilla has started the process to get Firefox 2 ready for release on Tuesday,” by a Mozilla spokesperson. “Mozilla does not guarantee that any set of files currently found within its Web site or elsewhere will be the final release. Starting tomorrow afternoon, everyone should go through Mozilla’s main channels for download at or to obtain Firefox, as this is the pathway Mozilla has optimized for the high volume of Web traffic.” Source: Ars Technica

So, don’t download it until tomorrow when they officially release it, or you may end up with some problems you don’t need.

Be the first to comment - What do you think?  Posted by Jimmy Daniels - October 23, 2006 at 8:01 pm

Categories: Browsers, Firefox   Tags:

Trying AOL’s OpenRide

AOL is in the process of trying to reinvent themselves, they have stopped charging broadband users for access to their system, and now they have released OpenRide, a web browser with all your tools right there.

Introducing AOL OpenRide, the newest AOL software. So much more than just a Web browser, its breakthrough four-pane design will revolutionize the way you use the Internet. No more jumping from one window to the next everything you need is right there the moment you need it. And it’s absolutely free. Simply put: You’ve got to see it to believe it.

Why not, I’ll give it a shot.

First complaint, when it was getting ready to install, up popped the license agreement, it said it was going to index my files with AOL desktop search, and I could turn it off later, why not now? I already have indexing software from Microsoft, why do I need one from AOL? Then it said a shortcut and tray icon will be added for quick access, okay, I can understand the shortcut, but I don’t want another tray icon, give me the options to say no, I don’t want this stuff. Typical AOL software, here is how we do it.

Installation took a few minutes, not a surprise, and once it was done showing me all the great features while it was installing, it gave me the launch button or close, so I launched it. And I sat there and sat there waiting for anything to happen, I had already closed all of my programs like it asked, so nothing was hogging the system. Finally, the browser popped up with its four panes, or pains if you will, but I still couldn’t do anything because it was busy doing something, and after another minute or so, it said I should install their spyware protection. So, I guess that was what was holding up things. No thanks. I also noticed a link at the top that said Security, so I clicked it, and it said I could install AOL’s firewall, AOL’s spyware and AOL’s virus protection.

Let me know when you are done laughing.

Okay, no thanks, again, AOL, every program I have ever used of yours was a memory hog and bogged down my system, and I think AOL triton instant messaging software is some of the worst, so there is no way I’m installing even more AOL software. So, after the software was loaded, I browsed around a little bit, it was okay, I don’t really like the four pain, er pane approach, I like having both IM and my browser open on the screen at the same time, so I can see them both, not just whichever one I am using at the time.

Final judgment: Keep it. Just more memory bloat from AOL. I didn’t see anywhere that said what browser it is based on, but I assume it is Internet Explorer. I’ll stick with IE and Firefox thank you, AOL can keep this wonderful tool.

I was looking for the webpage to download AOL OpenRide, I forgot where it was, and tried searching for it at AOL, and they didn’t know where it was either, hehe. Just joking, their search is based on Google, which hasn’t indexed it yet I guess, so I went to the AOL homepage and clicked the link from there.

Be the first to comment - What do you think?  Posted by Jimmy Daniels - October 5, 2006 at 5:15 pm

Categories: Browsers, Tech News   Tags: