Blog

Didier Stevens, security professional and blogger, has found a “feature” in the PDF file format that makes it possible to package an executable in a PDF file which will run in Foxit PDF reader or run in Adobe Reader with a bit of social engineering. “With Adobe Reader, the only thing preventing execution is a warning. Disabling JavaScript will not prevent this (I don’t use JavaScript in my PoC PDF), and patching Adobe Reader isn’t possible (I’m not exploiting a vulnerability, just being creative with the PDF language specs).” ...

MS10–018 If you’re using Internet Explorer versions 6 or 7 it wouldn’t be a good idea to miss this one. “Actively exploited” for drive by down loads from malicious web sites sums it up. There’s something in it for IE8 as well. See our post yesterday: “Microsoft out-of-band patch tomorrow”

Let the iPad hype and excitement begin: Apple’s preparation for the launch of the iPad has kicked into high gear. Today, the tech giant released version 9.1 of iTunes, its vastly popular music, app, and now book-managing software. The new update doesn’t do anything like radically change the iTunes interface. Instead, it is focused on providing support for the iPad, which launches this Saturday. The big addition in this software update is iPad syncing. Thus if and when you plug that glorious iPad of yours into your computer on Saturday, it’ll sync your computer’s music, movies, books, and other media with your tablet device. ...

Google has revealed that users can now transfer files via chat in iGoogle and Orkut. This is good news for web users with a preference for software-free chatting, but the better news is that Google promises to bring the same functionality to Gmail, which already supports voice, video and group chat. The iGoogle and Orkut file transfers will work for photos, documents and presumably small video files. In addition, web users can exchange files with users of Google Talk — the more robust desktop version of Google’s chat client — without any hiccups. ...

With Google owning YouTube, the Internet’s principal delivery system for Flash-based video, it was perhaps inevitable that the company would bundle the Flash plug-in with its Chrome browser. The announcement came today from both Google and the team developing the open source Chromium component on which Chrome is based. The move now officially places Google in contention with proponents of HTML 5, who had held out a glimmer of hope for a non-proprietary, non-plug-in video format for the standard’s new [VIDEO] element. In its blog post today, the Chromium team indirectly blamed the standards process for not having solved what it perceives as the problem of specifying how plug-ins should operate, and credits Mozilla — which makes Firefox — with helping to rectify that issue. ...

There seems to be an established procedure used by government officials who want to censor Internet traffic: begin requiring Google and ISPs to filter pornography then sneak in filtering of the politically sensitive material of your choice. Maybe we should give this a name: how about “porn filter law bait and switch?” In China’s Green Dam fiasco last summer, the web filter that was required on new machines (before the whole idea broke down) was supposed to protect good Chinese Internet users from sex and violence. When various researchers took apart the Green Dam files, however, they found that 1.) it ripped off a lot of code from a U.S. company and 2) two thirds of the strings it was set up to filter were politically sensitive words and not sex and violence issues at all. ...

Today, our friends at Trend Micro blogged about a new attack vector using Microsoft Word documents. We saw this as well last week, and have written a detection for the dropped trojan. It’s not just a “lawsuit” that’s being spammed, we also picked up another form of this attack in our honeypots over the weekend: When you open the Word document, you see a “PDF”, but it’s actually not. It’s a JPG, which links to an executable. ...

Have you ever wanted to quickly send a file to a friend who’s online? Now you can share pictures, documents and other files directly with your friends while chatting in iGoogle and orkut, without having to switch to email to send the file as an attachment. File transfer works directly in the browser so you don’t need to install anything. Just start a conversation with a friend and click “Send a file…” in the “Actions” menu. After you select a file, your friend will be asked if they want to accept the transfer. You can learn more on the Google Talkabout Blog. ...

Using a Firefox 3.0 add-on created by developers in Hong Kong, Betanews was able to briefly establish a connection with the Internet via a proxy based in mainland China. With that proxy, we were able to confirm that searches performed using Google’s Hong Kong-based page were effectively blocked. Firefox 3.0 reported the blockage with this message: “The connection to the server was reset while the page was loading” — a message from the browser, not from an ISP. We used version 3.0.16 of Firefox (an older edition) because it is the only version compatible with China Channel, a tool made for the express purpose of testing China’s filtering ability. It has not been upgraded for version 3.6. ...

We’ve been seeing Fake AV programs getting more convincing for a while now. Some of the tricks employed by the guys behind these rogue programs include Windows-7-style fake scanners, in-browser “scanners”, and program features that ape other aspects of the operating system. Yesterday, though, we came across a misleading application called AntiVirusDemoFraud that is—how to say?—possibly a little less sophisticated than some in terms of user interface design. ...