I don’t normally do this, but… Adobe Acrobat Security Alert

I’ve taken this from Michael Campbell’s Internet Marketing Secrets blog. I don’t normally reprint anyone else’s posts verbatim, but Michael has summed everything up neatly in one post. That’s what I like about Michael… crystal clear, actionable info. :-)

From his blog…


Adobe Acrobat Security Alert

If you haven’t updated to Acrobat 8 or higher, you may want to do so right away. It is immune to a security flaw that plagues versions 7 and earlier. If your computer is too old to update to version 8, Adobe recommends a full install of the patched version 7.

According to Adobe, “The flaw let hackers use a technique known as cross-site scripting, in which they blend malicious JavaScript with a link to a Portable Document Format (PDF) file on a Web site to hijack a user’s computer.

The problem does not affect PDF documents themselves, and can only be used when someone attempts to retrieve a PDF document by clicking a malicious link, such as one a spammer might embed in unwanted e-mail.”

So please note, there are no security issues with the actual PDF files. According to my hosting company MaxNetHosting.com, “To be a risk, it means that a hacker would have to hack a hosting account and inject the JavaScript code into the URL of the PDF file.”

They told me that they “have a whole arsenal of security measures on the MaxNet servers, but most hacks are at application level, due to security holes in the PHP code. Hackers can exploit those holes to do a lot of things.”

But of course someone could download a PDF, and then upload it to their server and put the nasty code in the link. So as always, don’t open attachments, or PDF files from strangers… or even from people you know, unless you were expecting something, as it’s very easy to spoof an email address.

The easiest and safest thing to do is to upgrade to the latest version of Acrobat Reader and Acrobat Professional, for those of you owning the full app, including Acrobat Exchange and the Distiller.

Here are the official Adobe Security Bulletins and Advisories:

http://www.adobe.com/support/security/index.html

Update your Adobe Acrobat Reader here:

http://www.adobe.com/products/acrobat/readstep2.html

Thanks for the info, Michael. By the way, if you don’t want to upgrade to version 8, there are other options recently described by Adobe here.

As always, be careful what you click on … it could be a phishing email, an infected Word document or a link to a PDF containing “cross-site scripting”!
