Recently Adobe has had to put out quite a few zero-day patches, with an attack on Flash in September that required an out-of-band patch and now this new font bug. The patch put out today includes the Flash patch as well because Reader and Acrobat include code to run Flash embedded in pdfs.

The most notable patch is for the exploit found in early September by Mila Parkour. This exploit was lauded as “scary” and “clever” because it bypassed built-in Windows protections with ease and used a stolen signed digital certificate. The exploit was later named after David Letterbeater who was the subject of many rigged emails as part of the attack.

Adobe notes that 20 of the vulnerabilities being patched could lead to code execution where hackers could hijack the computer. Unlike Microsoft, Adobe does not assign official threat ratings to patches. Two of the remaining bugs could be used to crash Reader or Acrobat and the last is a bug just for the Linux version of Reader. To update your copy of Reader or Acrobat fire up the auto-updater or grab the link from the official Adobe advisory.

PC World reports that the exploit uses rigged PDF files that include code to exploit the zero-day flaw. It has been called impressive and clever because it first gets around 2 Microsoft-created protections. The sophisticated exploit bypasses two important defences that Microsoft erected to protect Windows, ASLR (address space layout randomization) and DEP (date execution prevention), researchers have confirmed.

Second, the attack also boasts a valid digital signature by Vantage Credit Union. VeriSign has revoked the signature to prevent further usage but the malware that’s already out there will still be carrying what looks like a valid signature.

The attacks have been targeted to specific corporations and individuals but now that the word is out the hackers will probably expand its target range. Adobe has not offered any word on how to avoid the attacks or when they will have a patch ready. They did warn users on Tuesday about the malware.

To get infected the bad PDF needs to be viewed so it does require some interaction and disabling JavaScript will block the attack. This is the latest attack to use digital signatures to fool defence systems, it bears a resemblance to the Stuxnet worm which was a problem for some companies over the summer.

It wouldn’t be surprising if in the future more malware uses these sophisticated techniques with digital signatures since they have been effective.

Routers come with a standard password and I usually use this to access clients routers without even asking if they know the password.  This is because the router is usually the last place someone thinks of needing a password or they simply have not known it.  Now, well for some time, criminals have taken advantage of it, they have developed malicious code to change your setting on the router.

This looks like the computer is affected by a virus but even after a computer has been cleared of everything it still has the same error and all computers will show the same symptoms.  You may net even get any symptoms which makes it worse.

When you go to a website your computer does not know where that website is hosted so it looks for a DNS server.  On nearly all home routers this will be set to get the address of these servers from your ISP automatically.  So when you type in a website address it goes to these servers and they look up where the website is, return this information to your computer and you get the website displayed on your computer.  This virus changes the settings so it does not get the DNS server of your ISP but theirs so they can see what you are doing and intercept any data they can.

For the full report see Forbes

How do you change this password?  If you are confident then search for your routers model number and for the instructions.  This should tell you what to do, if you are not sure then get a technician in to do it for you.  It does not take long and you will know that this virus can not affect you.

Sophos has released a Windows Shortcut Exploit Protection Tool that claims to block any attacks trying to exploit the critical unpatched vulnerability in Windows shortcut files.

Currently, this tool protects only LNK files, other file types like PIF might be supported later

While Microsoft has suggested a  fix or workaround to address the security issue, this tool blocks this exploit from running on your computer.  The Windows Shortcut Exploit Protection tool runs whenever Windows tries to display an icon corresponding to a Windows shortcut. The tool intercepts this request and validates the shortcut. If the shortcut does not contain an exploit, the icon is displayed.
The Sophos Windows Shortcut Exploit Protection Tool works on Windows 7, Vista & XP only; and does not work on Windows 2000.

Download this tool

As Microsoft have not yet found a fix to this bug the advise is to switch the vulnerable part off, for which it has produced an automated tool which can be found on their website.  Please download and run the files, also make sure your anti virus software is up to date.

While this affect Windows XP it also affect all of the following

• Microsoft Windows Server 2003 Service Pack 2, when used with:
  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
  • Microsoft Windows Server 2003, Web Edition
  • Microsoft Windows Server 2003, Datacenter x64 Edition
  • Microsoft Windows Server 2003, Enterprise x64 Edition
  • Microsoft Windows Server 2003, Standard x64 Edition
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
  • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
• Microsoft Windows XP Service Pack 2, when used with:
  • Microsoft Windows XP Home Edition
  • Microsoft Windows XP Professional
• Microsoft Windows XP Service Pack 3, when used with:
  • Microsoft Windows XP Home Edition
  • Microsoft Windows XP Professional

If you want to know more then see their technet blog

If you need to know more go to the Sony website and follow their instructions.

As I always check these things out I phoned UPS and even before I got to multiple choice menu it had a message saying they have had a number of calls about this email.  The email says that a delivery was attempted but no one answered and asks the user to open an attachment to arrange another delivery.  Well you might have guessed it is a virus and opening this attachment infects your computer.

If you get any unexpected emails from a large company especially Ebay and Paypal go to their websites directly and not though a link on the email and check it out either by logging in or in my case phoning the company.  I know Ebay and Paypal have an email address you can forward your email and they will tell you if it came from them or not.

Ebay’s fake email page

Paypal’s fake email page

We do not send unsolicited email or make unsolicited phone calls to request personal or financial information or fix your computer.
If you receive an unsolicited email message or phone call that purports to be from Microsoft and requests that you send personal information or click links, delete the email or hang up the phone.

There are other and you should see this Microsoft website for more details.

If you receive one of these call hang up, unless you give someone access or install monitoring software then they cannot tell if you have errors on your computer.  If you have a virus that sends out spam email on your computer, then your internet provider will send you an email advising this.

If you are unsure about your computer then get it checked out by an experienced technician or engineer.

Boasting the same piece as the current elite system the new slim version has a 250GB hard drive to store even games, music or films. It also has built in WIFI which all of it’s competitors have had for a long time, making it easier to connect to your home network. As well as this they have also launched there motion control system that has facial recognition making games more physical and fun.

Sony PS3 3D

Sony is taking gaming to the next level with 3D gaming. The good news is that all PS3 will be 3D ready with just a software update, excellent news as this saves money but you still need to buy a 3d TV. They have also announced some games that will be in 3D including Killzone 3, Grand Turismo 5, Crysis 2 and Ghost Recon. Some Classic games will be getting a 3D make over including wipeout 3D Sony have also announced details of it’s own motion sensor, which will be released on the 15th of September, it seems everyone is copying Nintendo now and with up to 56 games available by Christmas there will be plenty of choice

Nintendo 3DS

Sony may have plans for the next Gen consol in 3D Nintendo have them for handheld gaming. The 3DS can display 3d images without the need of special glasses and will be in our shops before Christmas. This required a graphics overhaul but only the top screen will be 3D with the bottom (touch) screen will be the usual 2D. As usual a number of 3D games will be available at launch or shortly after.