COLLECTED ALERTS TO FORUM MEMBERS

[ABoretz]

Time to MUSCLE UP your forum password.

It has come to the attention of the moderators here that since January 1st there have been several attempts made by unknown persons to crack user passwords on this forum.

These "crackers" attempted to log in under several random user names and tried to guess the correct passwords needed to access those user accounts.

We have since blocked all the attackers but until we figure out how to stop future attempts entirely we suggest that everyone muscle up their current passwords.

What this means is that you should FIRST AND FOREMOST NEVER use the password that you use to log on to this forum as the password for your other personal Net activities (so as to protect your other Internet user accounts).  

Also we suggest that the password that you do use here should be peppered with as many random numbers as you can comfortably remember to make it almost impossible to guess.

We will continue to update everyone as more information surfaces but for now the hooligans have been stopped.  

~Alex

[Lamkin]

It is strongly advised that forum members keep their e-mail address hidden; this can be done by:
(1) viewing one's profile, (2) clicking on "Account Related Settings," and (3) checking the box which says:

[Alex]

"Adobe on Sunday (June 5) released an emergency update for its Adobe Flash Player browser plug-in. The fix addresses a zero-day vulnerability that it publicly disclosed for the first time Friday (June 3rd)."  Source: INFORMATIONWEEK.COM

Here (i think) are the main points Machinarium forum members should be aware of:

• This vulnerability affects your web browser's Flash Player, not the Flash Player installed on your personal computer that you play Machinarium with.
• You can read the official Adobe Security Alert here: http://www.adobe.com/support/security/bulletins/apsb11-13.html

I do not know whether applying the update(s) suggested by Adobe will also change your stand-alone Flash Player.  We have already discovered that sometimes a user requires an earlier version of the Flash player to play the game trouble-free (see this thread) so do your own research before committing to this update.  And anyone with further information or corrections please reply to this thread.

[Alex]

Posted by a reliable source on July 15, 2011:

WARNING: FAKE ADOBE E-MAIL ASKING YOU TO UPGRADE ADOBE PRODUCTS BEING SPAMMED TODAY! UPDATE IS MOST LIKELY MALWARE!

Sample message follows:
Fake Adobe Sender wrote:

    INTRODUCING UPGRADED ADOBE

    ACROBAT READER

    Adobe is pleased to announce new version upgrades for Adobe Acrobat Reader

    http://{SOME FAKE WEBSITE}

    Advanced features include:

    - Collaborate across borders
    - Create rich, polished PDF files from any application that prints
    - Ensure visual fidelity
    - Encrypt and share PDF files more securely
    - Use the standard for document archival and exchange

    To upgrade and enhance your work productivity today, go to:

    http://{SOME FAKE WEBSITE}

    Start downloading the update right now and let us know what you think about it.

    We're working on making Adobe Acrobat Reader better all the time !

    Copyright 2011 Adobe Systems Incorporated. All rights reserved.

    Adobe Systems Incorporated
    343 Preston Street
    Ottawa, ON K1S 1N4
    Canada

Samples of fake website URLs I have seen in multiple copies of this email (broken to avoid active linking)...
hxxp://www.acrobat-reader10-upgrade.c0m
hxxp://www.adobe-acrobat-documents.c0m
hxxp://www.acrobat-reader-center.c0m
hxxp://www.adobe-reader10-center.c0m
hxxp://www.adobe-acrobat10-center.c0m
hxxp://www.acrobat-reader-center.n3t
hxxp://www.acrobat-reader-center.0rg
hxxp://www.adobe-reader10-center.0rg
hxxp://www.adobe-reader10-center.n3t


"Computerworld - Adobe today confirmed that the Flash Player bug it patched Sunday is being used to steal login credentials of Google's Gmail users." 
Source: http://www.computerworld.com/s/article/9217346/Hackers_exploit_Flash_bug_in_new_attacks_against_Gmail_users?taxonomyId=17