INFO: Adobe Acrobat Reader Potential Exploit

News spreading around that there exist a zero-day exploit on the popular PDF application Acrobat Reader abound. This vulnerability is acknowledged by Adobe and their security bulletins and advisories site has it logged. And while a patch has been released by Abode to address the exploit, their download site seems to have lagged from that.

While users may have patched (or the unaware have already been patched by automatic updates), newly installed computers or those that do not have any PDF readers installed are still potentially vulnerable. This is because the binary available for download off Adobe's website is still the unpatched version.

As seen from the screenshot above, the version available for download is 9.1. While the latest updates that patch the zero-day exploit is 9.1.2.

If you do not install Adobe's Acrobat Reader you are in better shape than others. But to the common non-IT people, the default PDF application that installs is Acrobat. And installing the unpatched version poses a threat to the unwilling innocent victim.

So if you happen to have version 9.1 or the older 8.1.4 or 7.1.1 it is time to click that update button and save yourself from the threat.

Having the update/patch available is good. But making the available downloadable binary the patched version is the better scenario. It should not be that hard to do for a company like Adobe.

Read More

HOW-TO: Firefox Javascript Security Hole Stopgap Measure

Firefox 3.5 may be the greatest and latest release but it has its share of security holes. Hackers have posted the code and instructions on how to exploit the critical security hole in the popular browser, so until it is patched it literally leaves millions of users exposed to the threat.

The security hole is introduced with the addition of Tracemonkey, a javascript engine known to speed up javascript rendering in this version of Firefox.

There is no need for you to downgrade to Firefox 3.0. The same website referenced above illustrates the procedure on turning Tracemonkey feature off.

• open a new tab;
• type “about:config” and hit enter;
• read the warning and heed its wisdom;
• enter “jit” in the filter field;
• change the value of “javascript.options.jit.content” to enable (true) or disable (false) TraceMonkey for JavaScript in Web content;
• change the value of “javascript.options.jit.chrome” to enable (true) or disable (false) TraceMonkey for JavaScript in XUL/chrome.

While Mozilla is tackling the issue and trying to address the security hole with a patch/upgrade, it is advisable to plug the hole by disabling Tracemonkey. This thus downgrades the 3.5 to the 3.0 javascript rendering speeds. Believe me with millions (even billions) of websites out there, disabling the Tracemonkey engine is well worth the trade-off for now.

And with the millions of users who have downloaded Firefox 3.5 since its release, imagine the potential targets of malicious javascript code.

It is true, functionality should take precedence over security. But in this case it is prudent to prioritize security given the powerful functionality javascript has and what it can do, most especially when exploited. You can be the next unwilling victim!

With their track record, Mozilla should be able to come up with a fix soon.

Read More

TWEAK: Force Firefox Add-on Compatibility

With the release of best, greatest and latest Firefox 3.5 (download here), the temptation to upgrade is very appealing. However, as Firefox thrives with the availability of millions of customizations -- in the form of add-ons -- one will have to be careful as not all of your add-ons are compatible.

How then can you upgrade to the latest and greatest version of Firefox without having to sacrifice missing add-ons? Can you force your add-ons to install (at least) and check functionality with Firefox? The answer is yes, that's exactly what you need to do and here's how.

First, download the add-on to your hard drive. Right-click on the "install" button and choose "Save Link As.." (or another name for it). You will be downloading a file with .xpi as extension. And, chances are, it will not be recognized by Windows.

Next, open the .xpi file with your favorite archive program. WinRAR and 7Zip are tested to work, so use either one. Extract the file install.rdf inside that .xpi archive. It is advisable to save the .xpi file on the Desktop for ease of use later.

For our procedure we will play around with FasterFox add-on which is compatible only up until Firefox 2.0.XX versions. So this will never install with Firefox 3.XX.

(NOTE: This add-on was chosen for the purposes of illustration only. But if you want to use it, by all means do so.)

Open install.rdf in your favorite text editor. Look for the string "maxVersion" (see below) and change the value to 3.5. Save the file and re-insert it to the .xpi archive.

Launch Firefox and drag the .xpi file from your Desktop to the Firefox window. It will then install and prompt you to restart Firefox. Once restarted, viola! your add-on is now installed. This, of course, does not guarantee that your favorite add-ons will work exactly as expected. It just allows them to install. Others may work and others may not. Therefore, use this guide at your own risk.

But if your add-on is compatible with Firefox 3, chances are it will be compatible with Firefox 3.5. Again, no guarantees.

Read More

ARTICLE: Hard Drive Performance Tweaks

It is no secret that the hard drive is the slowest (and probably the least improving part) of the average desktop. Although the price per gigabyte has dropped significantly over the past few years, the transfer speed has not increased as equally in proportion.

And, as many of you already know, the fastest desktop can only go as fast as the slowest component -- which we know to be the hard drive. How then can you squeeze the best performance out of the slow hard drive? With tweaks of course. Here's how.

First, disable the index service and remove indexing of the drive contents. Open windows explorer and right click on drive C (Local Drive C:). Untick "Allow Indexing Service to index this disk for fast file searching" (ignore all files that cannot be changed). You will find a similar window like the one below.

Next, disable file and directory access times. Each time a file is accessed, the access time is modified and this adds I/O to the drive. Disable it to increase throughput. Save the registry entry below and merge to your registry.

REGEDIT4

; NTFS tweaks
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem]
"NtfsDisableLastAccessUpdate"=dword:00000001

If you want to do it via command line, open a command window and key in:

FSUTIL behavior set disablelastaccess 1

The registry merging above requires a reboot. So the command line is the better alternative. But to make sure that the registry contains the change you may opt to do both. You may choose to reboot after defrag. See below.

And lastly, the most significant tweak of all.. Defrag your hard drive. This best works with buying a very useful tool -- Disktrix Ultimate Defrag. I'm not an affiliate of this company but their product simply works for me. So I endorse it.

Launch Ultimate Defrag.
1. Select Tools --> Options. Under High Performance, place a check next to include These File Types
2. Select Add and scroll down and add "*.EXE". Then Select Add again and add "*.DLL"
3. Under Archives, add *.MSI, *.MSP and *.CAB in a similar way .EXE was added but only for archives. I added extras like *.ISO, *.RAR and *.ZIP. But those are only my preferences.
4. Accept all changes. And on the main menu, select Defrag Method Consolidate
5. Tick "Respect High Performance" and "Respect Archive"
6. Tick "Put Directories Close To MFT"
7. Start defragmentation. This will take a while if run for the first time.

After performing the above steps, reboot. Then you will note that your computer becomes a bit more responsive than before. Of course, you tweaked it this time!

Enjoy the speed boost.

Read More