Secure IT Foundation

Archive for December 2009

If you are not aware, Adobe’s free Acrobat Reader (now just called Adobe Reader) software is prone to serious security risks. The software was originally just a way to standardise document exchange and printing with the PDF file format, but now has had additional functionality over the years. The biggest two risks are the JavaScript which lets code be stored in the PDF document to be run on your computer and the PDF also allows files to be stored within a PDF file so can bypass virus scanners. Turning off the JavaScript setting and not opening files embedded in PDF documents will help prevent viruses taking control of your computer with no effect on reading PDF documents.

You can do this by starting Adobe Reader, clicking on Edit then Preferences and making the following changes going through the many settings pages on by one:

  • Tick Enable Enhanced Security
  • Untick Opening of non-PDF file attachments with external applications
  • Untick Multimedia operations for both trusted and other documents
  • Untick Adobe JavaScript
  • Untick Display PDF in browser
  • Untick Speculative downloading in the background



If you read the post Secure Settings#2 – Facebook then you would have spent ten minutes making your profile only accessible to those people you want to see it.

Well if you haven’t noticed already Facebook have changed their settings and privacy policy again, so don’t forget to go back into the privacy settings and check everything is still how is should be for you.

Those unfortunate pictures may be available to the Internet if you don’t check!


By strong password, we don’t mean how much can it support if printed out in 3D lettering! We mean a password that cannot be easily guessed, is not found in a dictionary of any language, is made up of lower and upper case letters, includes those funny symbols from the number row on your keyboard and is over 8 characters longs.

To be sure, and please don’t email us your passwords to find out if they are strong, use the Microsoft password checker at the following address:

Note the https:// in the link means it is a secure connection between you and Microsoft, but do not use if you worry about giving password information to Microsoft, their own privacy policy aside.

Do not use in the workplace as your own network may actually be more secure at home.

Warning though, if you have been held under RIPA being forced to disclose your password in the UK, do not use this service to see how strong the password really is, you know that password that you will not reveal the authorities, who would never be tapping your internet connection!



  • None
  • Coldwind: Couldn't agree more. I downloaded a piece of software just now, disabled the 'toolbar' 'offer' (which fortunately for me has become a reflex); but co
  • ModemJunki: I only discovered this today - I had updated the firmware to the latest out of habit, and I could STILL access my TrendNet cams on the local network w
  • PrentOS – a Simple Secure Computer « Secure IT Foundation: [...] September 2010 we said it was time for a brand new start to computing, well it is starting to take shape… [...]