• Adobe Reader X (10.1.1) and earlier 10.x versions for Windows and Macintosh
• Adobe Reader 9.4.6 and earlier 9.x versions for Windows, Macintosh and UNIX
• Adobe Acrobat X (10.1.1) and earlier 10.x versions for Windows and Macintosh
• Adobe Acrobat 9.4.6 and earlier 9.x versions for Windows and Macintosh

You can see the original report from adobe.

“The vulnerability exists because Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the user clicks the displayed icon of a specially crafted shortcut. This vulnerability is most likely to be exploited through removable drives. For systems that have AutoPlay disabled, customers would need to manually browse to the root folder of the removable disk in order for the vulnerability to be exploited. For Windows 7 systems, AutoPlay functionality for removable disks is automatically disabled.”

There is no current patch.

You can, however, disable displaying icons for link files, and kill this potential exploit.  via US-Cert:

Note Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. For information about how to edit the registry, view the “Changing Keys And Values” Help topic in Registry Editor (Regedit.exe) or view the “Add and Delete Information in the Registry” and “Edit Registry Data” Help topics in Regedt32.exe.

1. Click Start, click Run, type Regedit in the Open box, and then click OK
2. Locate and then click the following registry key:
HKEY_CLASSES_ROOT\lnkfile\shellex\IconHandler
3. Click the File menu and select Export
4. In the Export Registry File dialog box, enter LNK_Icon_Backup.reg and click Save
Note This will create a backup of this registry key in the My Documents folder by default
5. Select the value (Default) on the right hand window in the Registy Editor. Press Enter to edit the value of the key. Remove the value, so that the value is blank, and press Enter.
6. Restart explorer.exe or restart the computer.

Part of the real pain with traditional security systems is the pain of setup.  And if you have to run wires, well, that really bites as well.  Swann wants you to buy the ADW400 and say goodbye to those pains.

The ADW400 surveillance system features a wireless, infrared video camera and a base station (DVR).  Now, for the good.  It is a digital, wireless video camera solution that allows for encryption of the video signal.  This means that no one can grab that signal and use it for nefarious purposes, like stealing your concrete duck out front.  It also means that the wireless signal will not experience interference.  The vendor claims a generous 165 foot signal distance, but I’m not super confident on that.  It also uses 1/4″ CMOS and you can record in VGA: 640 x 480 / QVGA: 320 x 240 modes.  You power the video camera by hooking it up to a power outlet.

And now for the not so goods.  The first thing is that you use an SD card in the DVR/base station.  It comes with a 2GB card that will afford you 2 hours of recording time.  If you upgrade to a 32GB card, you can record 2 days at the lowest resolution.  Now, in the long run, that would drive me insane.  I want something that would write to a computer directly.  Who wants to move video back and forth between storage devices?  It would be nice to have an eSata slot or something.  Also, I don’t think the actual camera is waterproof.  I could be wrong on that, but I didn’t find anything to tell me differently.

But, for $250 you get a pretty easy to use infrared and DVR surveillance syste.  That’s pretty good for the price.  You can also add up to 4 wireless video cameras to the system.

Here’s their video on the product.  I was half expecting this guy to rap with the music:

The iPhone really is an amazing device.  It seems its versatility knows no bounds.  Squareup is a company that is putting credit card processing where your iPhone is.

Now, it isn’t just that Squareup brings convenience to the table in this nice little credit card processing unit.  No, it’s that they extend that convenience by adding services or features that I personally would have liked to see in a point of sale system.  This includes:

• Super simple setup.  Squareup says that you can literally start taking credit cards in less than a minute.
• Utilize the Squareup device on any mobile device with an audio jack.
• Photo verification of other Square users.  This would be awesome – we will see how much that catches on.  But would be nice for security.
• Built in reward systems.  Stop getting paper cards punched for a free cup of joe.  Squareup would keep track of that now.
• Charitable giving.  Squareup donates a portion of the proceeds to a charity of your choice.  Very nice.
• Online catalogue of receipts.  About time.

It looks like Mophie, the mobile battery vendor, will be announcing a credit card processing add on for the iPhone at CES.

The Q-See QSC48030 line of video surveillance cameras gives you a robust camera at a very reasonable price.  This allows you to nail the bad guys without being robbed by a camera company.  It doesn’t stand up to high end video surveillance cameras, but it’s a great buy for the money.

Let’s face it, sometimes you live or do business in a part of town that is less than honest or safe.  And there is nothing more frustrating than having some low life wreak havoc with your life while your trying to do the right thing.  That’s where you can leverage technology for the better.

Q-See’s QSC48030 is a weatherproof CCD with 80 foot line of sight and night vision capabilities.  It comes with 60 foot of installation cable and can be easily hooked up to a VCR, TV, or DVR.  Why do people like it?  Well, the price is a big start, coming in at around $120.  This camera can struggle a little in complete darkness, in some situations.  And if you are wanting great clarity at far ranges, this camera is not for you.  You will want to go with a higher end video surveillance camera for that type of application.  But for most folks, this camera will get it done.  Great value.

Mobile devices are becoming smarter and more convenient.  The problem with that is they become targets.  And now that your data is mobile, theft is an issue.  But there is a more insiduous theft that can happen.  That’s because it can happen while you are holding the device and not even know the theft happened.

Here is the rolldown on the vulnerabilities – there are a lot:

• Coregraphics and ImageIO vulnerabilities that can lead to a compromised system.
• Exchange server certs that can be accepted without prompting, leading to credential theft.
• International Components for Unicode allows security bypassing.
• libxml2 and IPSec vulnerabilities that can allow a denial of service attack
• Problem in mail can cause an uninitiated phone call “if an application causes an alert during the call approval dialog.”
• Vulnerabilities in the Webkit allow Cross-site scripting attacks and system take over.
• Issue in JavaScript garbage collector allows execution of arbitrary code.

Source: Secunia

Electronics forensics tools are an interesting group of utilities.  I usually find that forensics and security experts like them, but also a whole underground of hackers.  That’s because folks who love to learn and tinker like these kinds of tools.  Time to hide your cell phone!

This little device allows you to grab SMS, call logs, media, etc from cell phones.  It’s easy to use, which makes it dangerous.  It can suck data out of Samsung, Motorola, and LG cell phones.  Here’s a video on this heinous device.  But seriously, folks wouldn’t really use this for anything other than forensics, would they? ;^)  Oh, it’s $299 for the kit.

Getting an outdoor security camera is a great idea, but there are potential issues when doing so.  Make sure you think through implementation before purchasing one of these.  Even home owners are starting to get into the act of putting an outdoor security camera in strategic locations to keep their families safe.

Obviously, if it’s an outdoor camera, it needs to fend off the elements.  That means the housing needs to be really durable.  Having a waterproof outdoor security camera is a must, and really, a no-brainer.  So check the reliability ratings of the security camera that you are checking out.  Now, another feature that an outdoor security camera must have is infrared night time viewing.  That will allow all day monitoring.  This is accomplished through infrared LEDs.  They consumer very little power and work great.

Another thing to keep in mind with any security camera is the field of vision.  You can find various calculators on the internet for finding field of vision.  You will want to consider what depth and width you will need to cover.

Also, make sure your night vision performance is good enough for your application.  If you are needing to see 20 feet at night, obviously, don’t buy a model that can only produce a visible 10-15 foot image at night.  Also, if sound is a big deal, then make sure the sound quality of the camera will be right for you.  Resolution is also a big thing to check.  If you want detail – you must check how many lines the resolution output will be.

And will you be needing a wireless outdoor security camera?  You will pay for that convenience in price and also in quality.  But they are getting better in both regards every day.  Happy hunting!

A ton of people now use Adobe Reader. That’s because of the ease of use in cross platform document exchange. Well, a new zero day has surfaced that makes your reader like a giant hole in a bank. Various sources said that it was being actively exploited. Sure enough, I found source code out there for the exploit being circulated.

The original US-Cert advisory cites a problem with indexing arrays in JBIG2 streams.  Yeah, I know, what the heck does that mean?  Well, the bottom line is that arbitrary code can be run by the exploiter.  What does someone have to do to be exploited?  Well, open a pdf document.  That simple.  So, I would say that you shouldn’t open untrusted pdf docs.  No patch has been issued yet.

As an aside, there are also some nasty Adobe flash player exploits making the rounds.  Some involved code execution when viewing flash movies and some involve privilege escalation.  So, I would say that it’s time for Adobe to roll out a bunch of security updates.

Yeah, bizarre title.  Like something right out of a 24 episode.  Oh, and by the way, just how many moles can there be in CTU?  I mean seriously.  Is their security that lax?  Well, if it’s anything like our national security, the answer would be yes.  You see, peer to peer networks are great places to find all kinds of nasty little secrets.  One of them is social security numbers.  But how about the entire avionics for Obama’s helicopter?  Yeah, and that’s not the worst of it.

The worst of it would be that it’s in the hands of the Iranians.  Woohoo.  Major Presidential Fail.  Yep, that would be according the Sam Hopkins, co-founder of Tiversa Security:

Around the October to November (2008) time frame. We get about 100,000 or 200,000 confidential files that we bring back and if we find something really bad, we will contact that company and say that your information is out there on a peer-to-peer network. In this case, it was over in Iran, where they were actively trolling for information. We notified the defense contractor and they went through their steps to notify the Department of Defense…[they got] the entire avionics system of the president’s helicopter, and various upgrades by contractors.

-Quote courtesy of CNET

Oooowee.  I love the smell of national insecurity in the morning.  Here’s a hint: do not put a peer to peer client on your business network.  Don’t do it.  Let me repeat: don’t do it.  Did I make that clear?  So, I wonder when the bailout for Obama’s helicopter is coming?  Sorry, couldn’t resist.