How to get PDF secured?
By Gina on February 7, 2012 | Computer Security, PDF, Adobe Reader X, Acrobat X, computer security, malicious files, hackers
Nowadays, hackers target globally used file formats and this is mostly addressed to PDF. Because of PDF's feature to sheer data and intellectual property as a universal medium makes it vulnerable and most targeted by hackers. The main thing attackers do they create malicious files and infect applications by making them to crash and when they succeed they may insert malicious code to run on the system which enables to spread malware and do everything that hackers want.
So, Adobe presents a list of security mechanisms that should be included in any PDF application. These include an application sandbox, data execution protection including non-executable memory and safe structured exception handling, address space layout randomization, stack cookies and etc.
Adobe adds that evaluating only the product is not sufficient because applications and security change very fast, that's why it is important to evaluate security stand of the supplier. Software development and testing, patching policy, post release support and response to bug discovery need to be included for evaluation.
"By comparison, other PDF readers crashed up to 134 unique times, and other PDF writers crashed up to 132 unique times on a large corpus of test PDF files," Adobe points out. "Because the PDF file type can be used for attacks, the days of licensing and deploying the lowest-cost PDF tool – without careful scrutiny of security – are long gone. When an organization’s reputation and survival depend on the ability of their security defenses to stay strong in the face of repeated attacks, it’s critical that they hold application vendors to a higher standard."
More Computer Security news
39 flaws are fixed by Apple
Apple released OS X Lion 10.7.4 in order to fix 35 security holes as well as 4 vulnerabilities in the Safari web browser. The problem with Time Machine in OS X Lion is fixed with the new update. These flaws could enable a remote attacker to access a user's backup credentials. An issue is solved with Directory Service which could allow exposing sensitive data by the attacker. Read more.- Apple fixes Java flaw (April 2012)
- Google releases Chrome 17 update
- More patches for Flash Player (March 2012)
- Enterprises do not trust cloud computing, claims study
- Flash bug removed; Adobe released 7 patches
- Adobe news: Sandboxed Flash Player for Firefox released
- 'Nazileaks' site is hacked by hacker group Anonymous
- Spywared.com wishes you happy holidays!
- Silent IE updates
- Anonymous and Team Poison duet create Operation Robin Hood
