Recently in Security Category

Roger Grimes on Security and the "Monoculture is Bad" myth

| No Comments
Share

Here’s an article that came out in InfoWorld titled Don’t fall for the monoculture myth that provides a helpful perspective on Reader’s vulnerabilities. The subtitle states “The idea that there’s more security in using less popular software is not only false, but a smokescreen to solving the real security issues.”

I wish I had said that.

Read the full article

Third of the New eSeminar Recordings Now Available

| No Comments
Share

Update: The Certification Program mentioned in this eSeminar is now expired. We are no longer accepting emails with the code words.

On Thursday of last week I recorded a presentation on the topic below. If you enjoy it, please join me for some other eSeminars in August.

Click here to Watch:
Enabling Acrobat 9 Enhanced Security:
With the addition of interactive form features, multimedia, and scripting, PDF files continue to become more capable with each release. However, new capabilities present new risks, so Adobe proactively introduces new security functionality to combat emerging threats with each new version. Joel Geraci, Acrobat Technical Evangelist, discusses how the Enhanced Security feature creates restrictions that may affect some legacy (and new) PDF workflows, and how to create an environment where users can selectively bypass those restrictions on a per document, directory, or host basis.

My August series will cover topics that are more targeted at the government and government integrators. I’ll talk about accessibility, digital signatures and enhanced security.

Register for the August Series

Security Updates available for Adobe Reader and Acrobat

| No Comments
Share

Security updates are now available for Adobe Reader and Acrobat. Adobe recommends users of Acrobat and Adobe Reader update their product installations to versions 9.1.1, 8.1.5, or 7.1.2 using the instructions located here to protect themselves from potential vulnerabilities. Adobe expects to make available Adobe Reader 7 and Acrobat 7 updates for Macintosh before the end of June.

UPDATE! – You can chain the updates by following the instructions from my earlier post. To add the 9.1.1 patch, add a semi-colon between the patches. Your patch line should look similar to the one below.

PATCH=AcrobatUpd901_all_incr.msp;AcrobatUpd911_all_incr.msp

Note:
For those of you who disabled JavaScript during this window of exposure, these updates correct the vulnerability and you can now re-enable that functionality.

Enable JavaScript in Adobe Reader and Acrobat using the instructions below:
1. Launch Acrobat or Adobe Reader.
2. Select Edit>Preferences
3. Select the JavaScript Category
4. Check the ‘Enable Acrobat JavaScript’ option
5. Click OK

Share

In earlier versions of Acrobat and Reader, certain revoked Digital Signatures that displayed as invalid, now display as valid signatures in Acrobat and Reader 9.1. We’ve released a new TechNote that describes this change and how you can make a few changes to return to the original behavior of Acrobat 9.0 if you feel the need.

Why the change?
While the signatures may have been deemed invalid in the past by Acrobat, the signature validation time change shows that the signatures actually were valid at the time of signing… but may not be valid today. This is an important distinction which we felt was critical to bring out in 9.1. We feel that signing time is a more accurate portrayal of the status of the signature, rather than current time.

Read the complete TechNote, Certain revoked Digital Signatures which in Acrobat and Reader versions prior to 9.1 displayed as invalid, now display as valid signatures in Acrobat and Reader 9.1. That’s the title – seriously.

Adobe Security and Information Assurance Document Library

| No Comments
Share

We’ve overhauled the security related documentation and web site. Personally, I can’t believe how much easier it is to find stuff, you barely need to scroll the browser. Here’s a few highlights:

  • The new
    Security in Adobe Products document combines the Security Administrators Guide, Digital Signature Guide, Document Security Guide, several white papers and the one page quick keys.
  • This is also the new home for the technical white papers
  • The technical guides are now set up in a grid so you can select from the Acrobat 7, 8, or 9 versions of the same document.

Click Here to go to the Adobe Security and Information Assurance Document Library

Share

Hot on the heals of the 9.1 release, we have the security updates for earlier versions of Adobe Reader and Adobe Acrobat.

  • Adobe recommends users of Adobe Reader and Acrobat 9 update to Adobe Reader 9.1 and Acrobat 9.1.
  • Adobe recommends users of Acrobat 8 update to Acrobat 8.1.4, and users of Acrobat 7 update to Acrobat 7.1.1.
  • For Adobe Reader users who can’t update to Adobe Reader 9.1, Adobe has provided the Adobe Reader 8.1.4 and Adobe Reader 7.1.1 updates.

See the new Security Bulletin at http://www.adobe.com/go/apsb09-04 for details and downloads.

Share

Hot on the heals of the 9.1 release, we have the security updates for earlier versions of Adobe Reader and Adobe Acrobat.

  • Adobe recommends users of Adobe Reader and Acrobat 9 update to Adobe Reader 9.1 and Acrobat 9.1.
  • Adobe recommends users of Acrobat 8 update to Acrobat 8.1.4, and users of Acrobat 7 update to Acrobat 7.1.1.
  • For Adobe Reader users who can’t update to Adobe Reader 9.1, Adobe has provided the Adobe Reader 8.1.4 and Adobe Reader 7.1.1 updates.

See the new Security Bulletin at http://www.adobe.com/go/apsb09-04 for details and downloads.

Share

If you’ve been keeping up with the latest Acrobat and Reader security alerts, you’ll be glad to know that we have release the 9.1 updates for Adobe Acrobat and Adobe Reader. You can read the details of this update and download the installers here.

The update has been released as a patch for Adobe Acrobat 9.0 Standard, Pro, and Pro Extended and as a full installer for Adobe Reader 9.0.

In addition to the security update, there are bug fixes you should be aware of and a few other details about the 9.1 update that I’ll be posting about over the next few days. Until then, don’t leave yourself vulnerable, go get the update.

Migrating and Sharing Security Settings

| No Comments
Share

In one of my earlier videos, I talked about how to deploy Acrobat and Reader with all of your settings predefined using the Adobe Customization Wizard. In this video, I talk about how you can adjust the security settings enterprise wide after Acrobat and Reader have already been deployed.

I’ve also created a PDF Portfolio of all of the security documentation. You can download it by selecting the link at the bottom of the video window.

Files: Security Documentation Portfolio 

Share

If you are concerned about recent online discussions of Acrobat 9 and password encryption, read this excellent post on the Security Matters blog.

Read the full article