Posted by chris on Monday, March 15, 2010 – 12:38 PM
Here’s another little fix that I performed on one of my computers that I thought I would share. When I play videos on sites like Youtube, while in full screen mode, the video itself would often freeze after playing for a minute or two. The audio would continue to play correctly and if I would escape from full screen mode back to a normal video playing in the webpage, the video would begin to play correctly again.
It seems that using hardware video acceleration was the culprit. Once I disabled it, everything worked fine. This is easy to do. Just right mouse click on the video that is playing. 
Then a window should open that says Adobe Flash Player Settings. Select settings and then uncheck the box that says enable hardware settings. If you don’t have that option, you may need to click on the icon at the bottom right of that window. It looks like a monitor with a paintbrush. And that’s it. Your videos should now play in full screen mode without the video freezing.
Posted by chris on Tuesday, January 26, 2010 – 10:38 PM
Some how this one slipped by me because it was published by Adobe on the 19th.
Critical vulnerabilities have been identified in Adobe Shockwave Player 11.5.2.602 and earlier versions, on the Windows and Macintosh operating systems. The vulnerabilities could allow an attacker, who successfully exploits the vulnerabilities, to run malicious code on the affected system. Adobe has provided a solution for the reported vulnerabilities. It is recommended that users update their installations to the latest version using the instructions provided above.
This update resolves a buffer overflow vulnerability that could potentially lead to code execution (CVE-2009-4002).
This update resolves multiple integer overflow vulnerabilities that could potentially lead to code execution (CVE-2009-4003).
Download Adobe Shockwave Player version 11.5.6.606 here
You can find out which version you have by going here Test Adobe Shockwave Player
Posted by chris on Thursday, January 7, 2010 – 4:13 AM
Here we go again. This isn’t news hot off the press, but I decided I should post about it here just in case some of you have missed it. There has been another Adobe Acrobat Reader exploit, CVE 2009-4324. Since it was first disclosed back in the middle of December, it has grown even nastier. The Internet Storm Center over at sans.org has a good analysis of one of the current variants.
There are still a couple days before Adobe releases a patch, which will finally be released on Jan 12. Adobe suggests you disable Java support until then. This is not the first time this has happened. What I’m suggesting is that even after this is patched, just keep Java disabled. If you open a PDF file that requires Java support, you could always turn it back on. With so many exploits in the wild, and how long it takes for the anti virus vendors to discover them, this one won’t be fixed for almost a month since it was first disclosed publicly, it’s better safe than sorry. Just disable Java support for good. Here’s how to disable Java support in Adobe Acrobat Reader
quoted from Adobe.com
SOLUTION
Customers using Adobe Reader or Acrobat versions 9.2 or 8.1.7 can utilize the JavaScript Blacklist Framework to prevent this vulnerability. Please refer to the TechNote for more information.
Customers who are not able to utilize the JavaScript Blacklist functionality can mitigate the issue by disabling JavaScript in Adobe Reader and Acrobat using the instructions below:
1. Launch Acrobat or Adobe Reader.
2. Select Edit>Preferences
3. Select the JavaScript Category
4. Uncheck the ‘Enable Acrobat JavaScript’ option
5. Click OK
Customers using Microsoft DEP (“Data Execution Prevention”) functionality available in certain versions of Microsoft Windows are at reduced risk in the following configurations:
All versions of Adobe Reader 9 running on Windows Vista SP1 or Windows 7
Acrobat 9.2 running on Windows Vista SP1 or Windows 7
Acrobat and Adobe Reader 9.2 running on Windows XP SP3
Acrobat and Adobe Reader 8.1.7 running on Windows XP SP3, Windows Vista SP1, or Windows 7
With the DEP mitigation in place, the impact of this exploit has been reduced to a Denial of Service during our testing.
Watch your docs and surf safe
Posted by chris on Friday, September 11, 2009 – 3:27 AM
There is a fake adobe flash player updater that monitors your google searches. It looks just like the adobe flash installer. I’m not sure where I picked it up, but luckily I found this fake adobe flash player on a computer running firefox. Good thing I run NOD 32. I have been getting a notice that NOD 32 was blocking an outbound connection 
I found out that I was infected by this Fake Adobe Flash Player
While that website does tell you how to figure out if you have it or not, it doesn’t really tell you how to remove it, unless you buy their program. So I’m currently in the process of removing it. If you do have it, you’ll want to stop it right now! I’ve found that by going into Firefox’s extensions (Tools -> Addons -> extensions) you can disable Adobe Player 0.2 and restart Firefox. After doing this, I no longer got the warning for NOD 32 that it’s blocking the connection that msjupdate site, which I don’t know why it hasn’t been shut down yet.
I found socks.exe was running and when I looked for that file, I found it in my Windows/system folder with a creation date of 09-09-09, so I stopped socks.exe and renamed it socks.bak I would have deleted it but just in case it wasn’t installed by this Trojan, I figure it’s better to rename it. If some legit program I have starts complaining that socks.exe is missing, I can always rename it back to socks.exe
Once I’ve figured out how to completely remove it, I will update this post. In the meantime, disabling it will work. It’s after 3AM and I should have been in bed hours ago, but this was too important not to immediately warn you about it and give you at least a way of stopping it until I can post removal instructions.
Posted by chris on Monday, August 10, 2009 – 12:45 PM
There has been another Adobe Acrobat Reader update released. Since this was not a planed update, there must be something nasty floating around on the net. I’d suggest you update Acrobat Reader ASAP, if you haven’t already. You probably already know how to do it, since there has been so many updates recently. In case you don’t, just run Adobe Acrobat Reader and go to the Help menu up at the top. Under Help you will want to select Check For Updates and in that window, select Download and install updates. Another window will open and you should see the download begin. If it isn’t downloading, you may need to uncheck the box marked Download when my internet is idle.
I didn’t bother looking up what this patch is for, but not long ago there was a new exploit floating around so I imagine this is what it’s for.
Posted by chris on Monday, March 16, 2009 – 1:03 AM
The patch for that security hole in Adobe Acrobat Reader 9.0, which I mentioned here earlier, is finally out. There is only a patch for version 9.0 which will bring you up to 9.1. Earlier versions of Acrobat Reader haven’t had a patch released yet.
You can get Adobe Reader 9.1 and the security bulletin regarding it here. However, this release comes bundled with Adobe AIR. If you’d just like Acrobat Reader , without AIR, you can get it here.
There’s quite a few examples of how to exploit the hole found in 9.0 so I would seriously recomend getting the update.
Posted by chris on Tuesday, February 24, 2009 – 1:14 PM
It has been recently disclosed that Adobe Acrobat Reader is vulnerable to a virus attack. Known as Adobe Reader PDF File Handling Remote Code Execution Vulnerability. A .pdf file, which is what you are reading with acrobat, is created with some code in it that uses java to exploit your computer.
After checking the usual exploit sites, I found several versions of this attack and proof of concepts. I tested them against several anti virus programs, and so far none of them detect it. I believe it is because of the way this attack is implemented. And I don’t think they will detect it since it’s not an “infected” file but a .pdf document. I could be wrong about this and maybe there will be some anti virus software that will detect it. Let me clarify this. The exploits I found were not detected. There is a trojan going around, called Pidief.E, which uses this vulnerability to install a second piece of malware. This second piece of malware takes screen shots and installs a keylogger. The screen shots and what you have typed on your computer are uploaded somewhere so the bad guys can go through it, and look for user names, passwords, credit card numbers, etc.
This particular malware can be detected, it’s the others that are out there that are worrisome.
I was more concerned with finding a fix now, because Adobe has said the flaw will be closed by March 11th, through updates to Acrobat Reader 9. Updates for earlier versions will be released later.
For now I have found to fixes. The first is a “homebrew” patch from soucerfire and can be found here. While I applaud their efforts, replacing the .dll file with their patch could have unknown results. The second fix, which I have been implimenting all day it work today, is to disable java script in acrobat reader. This is easy enough to do. Simply run Adobe Acrobat Reader. Select edit and go down to teh bottom and select prefrences. Once prefrences is open, you will see JavaScript on the left side, under catagories. After you have selected JavaScript, you will see your options on the right. The first box that is checked says Enable Acrobat Java Script. Just uncheck this box, and you are done.
If you open a .pdf file in the future and it asks you to re-enable java script, be sure to tell it no. And be sure to update Acrobat Reader when Adobe does post the update.
