Sharpe Security Blog

There are lots of ways to product a viable social media policy document. This article lays out one simple template. The links in the references section show other methods and ideas for accomplishing the same thing.EXAMPLEPolicyA broad general statement saying you disallow social media goes here if you don’t allow it at all. Otherwise, say that you permit the use of social media within certain guidelines. Specifically mention that people covered by this policy must protect themselves and the organization’s shareholders, brand, reputation, and assets. Indicate what actions failure to comply with the … Continue Reading

For the software packagers out there who need this type of list, the following command lines are provided as a reference can be used to silently uninstall updates from the various Office 2003 and 2007 SKUs. Please test these on a test machine before using them in any production environment.%windir%\System32\msiexec.exe /package /uninstall {8F1CF36F-7BC8-42CF-8A5A-8B803DE8423A} /QN /L*V %temp%\KB980373_Uninstall.log%windir%\System32\msiexec.exe /package /uninstall {48113C06-9BA2-4D54-A731-D1D2C5B3144A} /QN /L*V %temp%\KB980376_Uninstall.logOffice 2003 Product Codes (see KB832672 for related info):Office 2003 Standard{90120409-6000-11D3-8CFE-0150048383C9}Office 2003 Professional Edition{90E30409-6000-11D3-8CFE-0150048383C9}Office 2003 Enterprise{90110409-6000-11D3-8CFE-0150048383C9}… Continue Reading

The GDI object leak problem described here is still present in Adobe Reader 9.3.2.Hopefully Adobe will provide a fix soon. People affected by this bug cannot upgrade their Adobe Reader instances to either the newest version of 8.x or 9.x until this gets fixed.email: david @ sharpesecurity.com website: http://www.sharpesecurity.com/Twitter: twitter.com/sharpesecurity

Unfortunately, it appears that the popular Rage3D site was hacked recently.  I point this out not to embarrass them, but instead to applaud them for taking the time to give the following great advice as they work to address the problem.From http://www.rage3d.com/ as of 14 March 2010:”We recommend those of you registered in the Rage3D Forums change the password for the email address that you used to register in the Rage3D Forum.  If you use the same password anywhere else in your online life, you should change it there as well”.As the Internet becomes increasingly hostile, … Continue Reading

The Adobe Reader GDI object leak described that I described at http://sharpesecurity.blogspot.com/2010/02/gdi-object-leak-in-adobe-reader-92-and.html isn’t fixed in the Adobe Reader 9.3.1 release that Adobe published on 16 Feb 2010. And it ALSO affects the newly released Adobe Reader 8.2.1. So if you can’t live with this bug you have no way to patch the latest Adobe Reader vulnerabilites since versions 7.x and below are formally off support.There is still no ETA from Adobe for a fix.email: david @ sharpesecurity.com website: www.sharpesecurity.comTwitter: twitter.com/sharpesecurity

I recently learned about a law enforcement investigative technique used to listen to voice mail messages on other peoples’ mobile phones using caller ID spoofing. This technique is a little old, but not widely known. What might be an effective investigative technique to some is a potential data leakage or corporate espionage issue to others. As a proof of concept, I set up an account with a caller ID spoofing company and was able to access voice mail messages for a variety of personal and corporate Blackberry, iPhone, and cell phone devices. The problem isn’t with … Continue Reading

There is a GDI object leak in Adobe Reader versions 9.2 and 9.3 (the latest). The leak happens when any PDF is opened in a new IE window, and persists even if the new IE window gets closed. Initially you leak around 4 GDI objects per iteration, but that snowballs a few dozen iterations in until you hit the Windows default per process GDI object limit of 10,000. At that point, PDFs won’t render any more, and Windows Explorer might fail due to resource exhaustion. The problem happens after opening and closing around 120-150 PDFs in new IE windows. If … Continue Reading

Hello there! This is the blog associated with sharpesecurity.com and blueteamsecurity.com. This will be a place that I hope you find of value for information related to the entire universe of network and computer security including: incident response, forensics, malware analysis and reverse engineering, server and client RAM dump analysis, vulnerability management and patching, security assessments, policy and standards matters, industry trends, and so forth. Most topics will focus on the defensive side of computer and network security, but we reserve the right to deviate from that theme from time to time.

email: david @ sharpesecurity.com … Continue Reading