Over the past 5 weeks there have been a lot of Internet security related events in the news. You may have read about Google’s recent announcement that it and 30 other organizations where the victims of Chinese supported hackers. There have also been numerous stories how everyday people have had their banking user names and passwords stolen by hackers along with large sums of money from their banking accounts.
Let me focus the attention on the three recent vulnerabilities in Internet Explorer, Adobe Reader, Adobe Flash and Adobe AIR;
Microsoft Internet Explorer Vulnerability MS10-002 (Cyber Security Alert SA10-021A)
Adobe Reader and Acrobat Vulnerability APSB10-02 (Cyber Security Alert SA10-013A)
Adobe Flash Player and Adobe AIR APSB09-19 (Cyber Security Alert SA09-343A)
Any of these vulnerabilities can be remotely exploited when the user visits a poisoned web site/page or by opening a poisoned Adobe PDF document. Once the vulnerability is exploited additional software is usually installed on the personal computer which can disable antivirus solutions and begin harvesting user names and passwords including banking information.
What should I do?
You need to make sure that you have the latest and greatest software and security patches applied to your personal computer. You should make sure that you have turned on Microsoft Windows Update; this will update Internet Explorer automatically. You can also confirm that Internet Explorer is up-to-date by manually visiting the Microsoft Windows Update website. You should also update/install the latest and greatest versions of Adobe AIR 1.5.3, Adobe Reader 9.3 and Adobe Flash 10.0.42.34.
If you haven’t already updated your home (or work) computers recently you might want to invest some time in the task. It might save you from a lot of problems and headaches later down the road.
Cheers!
References;
SANS Top Cyber Security Risks
Symantec Internet Security Threat Report 2008
What To Expect In Security In 2010
PatBoule says
Hi Michael,
Timely reminders – but your links are a little wonky. There’s an OWA prefix at the front of most of them.
Feel free to nuke this comment once you fix them up!
Pat
Michael McNamara says
Thanks for the heads-up Pat!
I’ve fixed the links!
Cheers!