Security Quest #3: IntelliTxt and PDFs

One of the most popular posts on the Spam Chronicles site was my post on blocking IntelliTxt ads from back in April. I’ve decided to reprint it here. The company offering them is Vibrant Media. They do allow a way for users to turn off the ads, although this feature has to be implemented by the webmaster and my experience is that not many do.

If you’re at a website that has these ads, first check to see if there’s a link to turn them off. If there’s not and you want to keep visiting the site, you can turn off JavaScript. But this may break other things on the site, and you’d probably want to turn it back on when you leave the site. All in all, an annoying solution.

There’s another alternative if you use Firefox. You can install the GreaseMonkey add-on for Firefox, then install a GreaseMonkey script to block the ads.

Install the GreaseMonkey add-on from its page in the Firefox Add-on directory. You’ll need to restart Firefox before the plugin becomes active.

Then install the “Disable Text Ads” script from userscripts.org. These pop-up ads should now be disabled. Be sure to check for script updates, as these ad vendors change their methods constantly and new vendors pop up.

For additional GreaseMonkey scripts you can visit http://userscripts.org/ and visit the home of the Disable Text Ads script author at http://www.fibble.org/.

Adobe Reader PDF Vulnerability

A security researcher, known as pdp, is reporting a “High Risk” vulnerability in Adobe Acrobat Reader (versions 7, 8 and 8.1) that can be used to run any program on a Windows PC. According to pdp (in the comments), non-Adobe readers (such as Foxit) may be affected, although the impact may be less severe because they require a user confirmation. There’s a video on pdp’s site (in the comments) that shows the exploit running Calculator. The program already has to be on the PC, but there are ways to accomplish that. Ars Technica mentions that putting both the executable and the PDF in the same zip would accomplish this.

OpenOffice.org Vulnerability

All versions of OpenOffice.org except the very latest have a vulnerability that can be used to execute code. OpenOffice.org users should upgrade to the latest version to plug the vulnerability. Version 2.3 plugs the hole, and it was released on Sept 17th.

Google Vulnerabilities

ZDNet has a blog posting about vulnerabilities in various Google products – GMail, Blogspot and their search appliance.

Security Software

AVG Anti-Virus Free Edition got another minor update this week. It’s up to 7.5.488.

Avira AntiVir Personal Edition has been updated to version 7.06.00.27. AntiVir Personal is free anti-virus software for Windows, including Vista.

News & Information

TechDirt has a story about Symantec accidentally issuing a “Threatcon 4” warning which means there’s “extreme global incident activity” in progress. It was a false alarm due to a software test. It appears only TechDirt noticed.

Symantec also issued a warning about Bluetooth security. A study by InsightExpress said that 73% of mobile device users aren’t familiar with mobile device security issues. No mention of what has to be a forthcoming Symantec product. Symantec does offer some common sense steps to take: stay offline, stay invisible, verify incoming transmissions, and use passwords. In my case I turn off Bluetooth. I have a habit of losing every Bluetooth headset I get. The last one vanished within a day.

Security Fix has the story of someone whose email account was hacked and ransomed for $100. In a twist, the payment was actually to go to a phishing site, so they were probably after more than the $100. Also a good lesson about using the same password across emails and online accounts, as he had to scramble to change online accounts that shared the email password.