We all know and love Adobe products. Their PDFs have become as ubiquitous as .DOC, .TXT and .XLS. Most PCs include Adobe Reader as a bundled software. The Adobe Flash media player is the easiest most user friendly online video player on the planet and required for the most popular video site YouTube.
Brad Arkin, Adobe’s director for product security and privacy, recently commented, “We’re in the security spotlight right now. There’s no denying that the security community is really focused on ubiquitous third-party products like ours. We’re cross-platform, on all these different kinds of devices, so yes, we’re in the spotlight.”
Adobe, in response is doing everything a responsible software developer should do.
Adobe is the same boat today that Microsoft found itself in years ago. Ground zero. Hack central. Criminal hackers love it. Adobe’s software or files are used on almost every PC and across operating all systems. Every browser requires a program to open PDFs and many websites either have links with PDFs or incorporate Flash to play video or for aesthetic reasons. According to an estimate from McAfee, in the first quarter of this year, 28% of all exploit-carrying malware leveraged a Reader vulnerability.
While attention from the criminal hacking community has certainly been a burden to Adobe, the same attention is now being paid by the white hat hackers, the good guys. The security community is now actively involved in the reporting of bugs and vulnerabilities, which is helping Adobe tighten up. Fortunately, Adobe is learning from their current situation and is actively engaged in resolving these issues. They’ve created a better, more frequent software updating tool for each of their programs, including Flash and Adobe Reader. As difficult a situation as this may be, Adobe is handling it very well.
“Application security” is an often used term when, during the software development cycle, the software or application goes through a series of “penetration tests” designed to seek out vulnerabilities that could be exploited in the field. Adobe’s process now includes their Secure Product Lifecycle (SPLC) to seek out and squash those issues. It is important to understand that flaws, bugs, holes, vulnerabilities, or whatever you call them, are often detected after the launch of software. While both developers and criminals have many of the same tools, the bad guys seem to have an edge and are often able exploit those flaws before developers can find and fix them. Adobe however is beginning to turn the tide on the bad guys.
If you function in a Microsoft Windows environment, you should be aware of “Windows Update” and have it set to automatically download and update your operating system’s critical security patches. Updating Reader and Flash requires manual action, but Adobe’s built-in updater can also be set to automatic. I’d suggest that most users set this to automatic as well. If you have an older version of Reader, which may not include an automatic update option, you should head directly to Adobe.com to download the current software.
ROBERT SICILIANO, CEO of IDTheftSecurity.com is fiercely committed to informing, educating, and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds. His "tell it like it is" style is sought after by major media outlets, executives in the C-Suite of leading corporations, meeting planners, and community leaders to get the straight talk they need to stay safe in a world in which physical and virtual crime is commonplace. Siciliano is accessible, real, professional, and ready to weigh in and comment at a moment's notice on breaking news.
- Huge IE Attack: Will Microsoft fix It in Time while XP Users are Left to the Dogs?
If you have IE 6 through 11, watch out. There’s a glitch that enables hackers to exploit flaws in these systems. Microsoft is racing to fix this vulnerability bug. Unfortunately, news is not so good for those using Windows XP, because Microsoft has ceased support, period. This means no security updates. It’s estimated that almost
- Be Proactive During Cyber Security Awareness Month
We use the web to search, shop and to connect with friends and family. And in the process criminals are trying steal from us. It used to be that a person only had to know not to open a file in an attachment from someone they didn’t know. Today there are more ways than ever that your PC can
- Watching Out For Criminal Hacks
Robert Siciliano Identity Theft Expert We use the web to search out tons of information, to shop online and to connect with friends and family. And in the process criminals are trying to whack us over the head and steal from us. And they’ve become very proficient at their craft while most computer users know enough
- Report 1.8 Billion Cyber Attacks Per Month
You read that right. While the US government sits high on its perch, snipers are taking aim 60 million times a day. The Senate Security Operations Center alone receives 13.9 million of those attempts per day. The US National Security Agency is probably the most sophisticated group of security hackers in the world. Many will argue this point.
- Five Ways Identities Are Stolen Online
Cybercrime has become a trillion dollar issue. In a recent survey, hundreds of companies around the world estimated that they had lost a combined $4.6 billion in intellectual property as a result of data breaches, and spent approximately $600 million repairing the damage. Based on these numbers, McAfee projects that companies lost more than a trillion
Leave a Comment
You must be logged in to post a comment.