Hello to everyone who might happen upon this. This might seem an odd post considering the normal content here, but one I felt necessary just the same. For those of you who don’t know me or anything about me, I make my living in the computer security industry and have for many years. What does that mean? Well, think ‘hacker with ethics’ and you’ll be a large part of the way there. The actual accepted term is that I’m a ‘white hat’ but you get the idea.

So, why does that matter to you? Well, because a security alert surfaced yesterday that is particularly alarming and many if not most ‘normal’ people would not be likely to hear about it. Adobe has announced that the Acrobat reader has a bug that can allow someone to remotely take control of your machine. I know it works because I have the code to do it and have tried it. Unfortunately, Adobe will not have a fix out until March 11th and that is only for the most recent version. Previous version fixes will come out over the weeks following. You should also ake sure your virus definitions stay up to date over the next few weeks. Antivirus software is apt to pick it up far before the actual fix is available, but only if you have the most current updates to your antivirus signatures.

What does that all mean in English? Well, for the next month or more your machine has a huge security hole that could allow someone to remotely take control of it. The good news is that it is easy to avoid since it requires you to do something before it lets them in. The bad news is that most people don’t know any better than to do that thing. What is that thing? Opening files that come from sources you cannot trust. I know, many of you are saying ‘well, duh’ about now. But the thing is, even among the tech people I know, most of them know not to run .exe files (programs) that come from unknown sources. But in this case we are just talking about pdf files. Glorified Word documents practically. So, yeah, it is an easy target. So, if someone emails you some document for you to ‘take a look at’ or something, unless it is a friend you know well and you are expecting the document, don’t open it. Even if it is a friend but it is out of the blue, I would verify. Remember, if someone has compromised their PC they can send email acting as that friend, and they’d have access to the friend’s email address book too. So, I guess if I had to distill this further yet, I would say this: trust no one, suspect every one.

Now that I’ve spread my little rays of sunshine for the day I can go skipping through the tulip fields happily (I would say gaily but, when one is talking of skipping through tulip fields, well, precision in word choice matters a bit more) knowing I’ve saved the world. OK, so, I’m given to hyperbole. I can do so knowing that you’ve been warned. =o)

Peace,
/g