David Kirkpatrick

July 24, 2009

Online security issues — Twitter and Adobe Reader

Online security should always be at least a tiny voice in your head whenever connected to the web — and with mobile devices, Wi-Fi, et al., being connected is becoming 24/7 for a lot of people.

Here are two articles on security issues with popular online tools.

First up is Twitter:

In April, a Twitter worm known as “Mikeyy” or “StalkDaily” reared its head. Similar to the 2005 Samy worm on MySpace, the Mikeyy worm was authored by a 17-year-old who took advantage of a code quirk to gain notoriety for his Web site, StalkDaily.com. Twitter shut it down–plus a few follow-up viruses (“How TO remove new Mikeyy worm!”)–fairly quickly. Following the worm attacks, cofounder Biz Stone wrote on the company blog, “Twitter takes security very seriously and we will be following up on all fronts.”

Shortened-URL Dangers

Parallel to the growth of Twitter is the expansion of URL-shortening services. Fitting your thoughts into 140 characters takes practice; including full URLs is almost impossible. Usually URLs have to be truncated through services such as Bit.ly and TinyURL.com, which also mask the true destination URL and can present their own security problems as a result.

The first signs of shortened-URL trouble came with a pair of Twitter worms that promised to help users remove the Mikeyy worm. In June, a wave of hidden poisoned URLs swept Twitter, using Bit.ly links to low.cc and myworlds.mp domains where users were asked to download a file called free-stream-player-v_125.exe to view a video. The file held malware. Bit.ly and TinyURL have been responsive to reports of abuse; Bit.ly, for one, now blocks those low.cc and myworlds.mp domains.

And second is a troubling issue combining two Adobe applications — Flash and Reader:

Adobe Systems Inc. late Wednesday admitted its Flash and Reader software have a critical vulnerability and promised it would patch both next week. One security researcher, however, said Adobe’s own bug-tracking database shows that the company has known of the vulnerability for nearly seven months.

In a security advisory posted around 10 p.m. Eastern time Wednesday, Adobe acknowledged that earlier reports were on target. “A critical vulnerability exists in the current versions of Flash Player (v9.0.159.0 and v10.0.22.87) for Windows, Macintosh and Linux operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat v9.x for Windows, Macintosh and UNIX operating systems,” the company said.

The “authplay.dll” mentioned in the advisory is the interpreter that handles Flash content embedded within PDF files, and is present on any machine equipped with Reader and Acrobat. Adobe said it would patch all versions of Flash by July 30, and Reader and Acrobat for Windows and Mac no later than July 31. Until a patch is available, Adobe said users could delete or rename authplay.dll, or disable Flash rendering to stymie attacks within malformed PDF files. Adobe did not offer any similar workaround for Flash and could only recommend that “users should exercise caution in browsing untrusted websites.”

The U.S. Computer Emergency Response Team (US-CERT), part of the Department of Homeland Security, included instructions on how to delete the Flash interpreter from Windows, Mac and Linux machines in a Wednesday advisory of its own.