CIS Security Benchmarks

This one is for the security conscious. If you are hardening your OS, application/web server or other applications, you might wonder how other people are doing it and where you can draw the line and call it secure enough. A great resource in such a case is CIS Security, specifically their resources download page. There you’ll find a form that lets you choose and download a whole bunch of security benchmarks for various products like Apache HTTP server, Tomcat, Apple OSX, FreeBSD, Windows OSes, Firefox, MySQL, Oracle and various others. When presented with a list, make sure to download the copy that’s relevant to the version of the product you’re using. There are archives for some products which include older versions that are less popular now. Newer documents have a very nice layout that includes the following

Google Chrome Integrated PDF Support

If you’re using the Google Chrome browser from the so-called developer channel (i.e. beta version), you can now enjoy the improved PDF support. With all the buzz around PDF format (in)security, a lot of companies seem to have taken steps to provide a more secure user experience for PDF viewing. Since most of the attacks using PDF files are targeted at Adobe Reader, we’ve seen a lot of updates for the viewer this year. This does not mean, though, that all users are security conscious and update to the latest versions. It also affects browser users, as it is common to think that PDF files are safe to view, when in reality some PDF files online might exploit the PDF viewer’s browser plugin in order to stage an attack. There are alternatives like Foxit Reader, but they’re not bullet-proof either, and the creators of the browser have no control over which PDF viewer you’re using. And of course they can’t force you to update your version for the sake of security. So Google’s idea is simple: make the browser display PDF files natively, so that they’re in control of what’s going on. Security- and performance-wise this is a good thing. This might not be for everyone just yet, though: the Chrome PDF Viewer is disabled by default. To enable it, enter chrome://plugins/ in the Chrome address bar, find the disabled PDF viewer in the plugin list and click the enable link. Now try viewing some PDF files.