Friday, January 12, 2007

Turn of displaying Adobe PDF Reader in browser

If you have Adobe Reader 7 or earlier make sure you turn off the option "Display PDF in browser". Follow these three simple steps to turn it off.

  1. Start Adobe Reader
  2. Goto Edit > Preferences  or press Ctrl + "K"
  3. Select Internet in Categories
  4. Make sure that the Display PDF in browser is unchecked.

Make sure you follow these steps as soon as possible or someone could be going through your personal information online. I have developed a proof of concept that can use the flaws in Adobe Reader to get information by only visiting a webpage. But I don't think I will release it online as it makes little sense to release it. It could be used to gain way too much private information from your browser. Make sure you turn it off before you end up loosing a lot of personal information.

Technorati Tags: adobe, pdf, reader, security

Monday, January 01, 2007

Major security hole in Gmail - Contact list

UPDATE: It has been fixed now, this hack will no longer work.


The next time you use gmail make sure you logout or its quite possible that someone else is going through your contact list. Have a look at this example http://vivekjishtu.googlepages.com/contactlist.html

If you see a page with all your contacts, so can the spammers. The contact list can be used by spammers to harvest all the email addresses in your list. Though I really like JSON but its just these few security issues that makes AJAX a better option atleast in terms of being secure.

Technorati Tags: gmail, javascript, json, ajax