Disable JavaScript to avoid zero-day attacks
By SiliconIndia, Tuesday, 15 December 2009, 18:12 Hrs
Bangalore: To protect themselves from zero-day attacks, users need to kill JavaScript in Adobe's Reader and Acrobat tools, according to security experts.
Shadowserver, a volunteer-run group that tracks vulnerabilities, urged users to switch off JavaScript. "We have said it before and we will say it again: Disable JavaScript. This vulnerability is actually in a JavaScript function within Adobe Acrobat and Reader. The vulnerable JavaScript is obfuscated inside a 'zlib' stream making universal detection and intrusion detection signatures much more difficult."

The advice appears timely, as bug researcher and exploit maker HD Moore confirmed that an exploit would be published to the open-source Metasploit penetration testing framework within a day or two. Moore, the creator of Metasploit and Chief Security Officer for security company Rapid7, echoed Shadowserver's advice. "Disabling JavaScript does prevent the vulnerable code from being called," said Moore in an e-mail to Computerworld.
To kill JavaScript in Adobe Reader or Acrobat on Windows, users need to select Preferences from the Edit menu, choose "JavaScript," then uncheck the "Enable Acrobat JavaScript" option. On the Mac, Preferences is under the "Adobe Reader" or "Adobe Acrobat" menus.
Killing JavaScript is the only defense against attacks until Adobe solves the problem. It is likely to take a month before that happens. Adobe's next regularly-scheduled security updates for Reader/Acrobat are likely to launch on January 12, 2010.
If Moore's preliminary work is any indication, attack code will go public long before then. "It is a little tricky to make reliable, but we are on track and should have a Metasploit update ready within a day or two at the latest," said Moore, referring to the probable release of an exploit module for the testing framework.
Adobe Reader and Acrobat run on Windows, Mac OS X and Linux.
Reader's comments (1)
1: It is good to know that users need to disable JavaScript in Adobe's Reader and Acrobat tools for security.
Posted by: Akash - 15 Dec, 2009