Funtime Xtreme

It has been reported, and verified, that multiple web-mail service providers have been compromised and tens of thousands of usernames and passwords have been leaked. Services compromised included Yahoo! Mail, Gmail, Hotmail (to included MSN Mail and Live.com mail), AOL Mail, and others. It is highly recommended that anybody actively using one of these services change their passwords IMMEDIATELY. Let me know in the comments if you have any questions.

References:
Time to change your hotmail/gmail/yahoo password
Tens Of Thousands of Email Usernames and Passwords Posted Online By Phishers
Gmail, AOL, Yahoo! all hit by webmail phishing scam

That is the question. I got offered a position working back out in Kuwait doing Information Security, much like I am now, but I’m not sure if I should take it or not. A lot of people are telling me I should go, and it would definitely be a great opportunity for me, but I’m just not sure. The pay would of course be big, and it would be huge for my career (working with new tools, senior level position, ability to further education through certs and college) but I’ve gained a lot since I came back to the states and am not sure I really want to give all that up. I will be making my decision today as the offer expires at COB (close of business) today, so I will update the blog tomorrow with my final decision. Any ideas, thoughts, or comments feel free to let me know in the comments section.

I know how much you guys love your PDF files out there, so be sure to check this out.

A critical vulnerability has been discovered in the JavaScript handling within Adobe Reader and Acrobat versions 9.1 and earlier. According to the announcement, Adobe expects to make available Windows updates for Adobe Reader/Acrobat versions 9.X, 8.X, and 7.X, Macintosh updates for Adobe Reader/Acrobat versions 9.X and 8.X, as well as Adobe Reader for Unix versions 9.X and 8.X, by May 12th, 2009.

In the meantime, disable JavaScript in Reader and Acrobat by performing the following:

1. Launch Acrobat or Adobe Reader.
2. Select Edit > Preferences
3. Select the JavaScript Category
4. Uncheck the ‘Enable Acrobat JavaScript’ option
5. Click OK

That should disable the JavaScrpt functionality of Adobe products until the patch is pushed out next Tuesday…which also happens to be Microsoft patch Tuesday so I’m sure there will be a handful of Important/Critical patches to be installed on the 12th. Yea to M$ products! Lol

So in my job, I deal with a lot of different issues having to do with information security. This facebook phishing attack has been hitting lately and popped up on some of the security blogs I read.

This Phishing attack is an email that has the subject “Hello”  (First off, if you receive an email that has a subject of “Hello”, and that’s all…  immediately suspect for nonsense.)

The phishing attack with read something like “”YOURFRIEND” sent you a message” with a link to go click on and read what your “friend” wrote.

The link instead sends you off to fbaction.net (Don’t go there.)  Where the page looks like the Facebook login page and they are hoping you will type in your credentials.  Farily simple phish, so keep your eyes open.

There you have it. Beware of fbaction.net because it is NOT the real facebook site.

Facebook Phishing attack — Don’t go to fbaction.net [SANS ISC]