Posted at 12:24 PM in Acrobat 9.0, Security | Permalink | Comments (0)
Adobe announced today that Acrobat and Acrobat Reader (all versions since version 7) are vulnerable to a JavaScript exploit that can crash Acrobat.
Adobe is planning to release updates to Adobe Reader and Acrobat to resolve the security issue. It expects to update Adobe Reader 9 and Acrobat 9 by March 11th, 2009. Updates for prior versions of Adobe Reader and Acrobat will follow soon after.
If you're worried about this exploit right now, you should turn off JavaScript support in the preferences settings.
Posted at 11:57 AM in Acrobat 9.0, Security | Permalink | Comments (0)
No matter how many times one explains the proper way to redact information from PDF files, there will continue to be major screwups. What's a major screwup? This would be a major screwup.
Posted at 08:16 AM in Acrobat 8.0, Acrobat 9.0, E-Discovery, Security, Workflow | Permalink | Comments (6)
A security flaw in version 8.1.2 of Adobe Reader could allow an attacker to take control of a computer, according to Core Security Technologies. Adobe plans to release a security update to fix the vulnerability, which is based on the use of JavaScript.
Posted at 09:08 PM in Security | Permalink | Comments (1)
If you are interested in learning how to secure your PDFs, you should seriously consider signing up for this one-hour webinar put on by Adobe. It's called "Securing Legal Documents & Information" and it's free if you are registered with Adobe. Expert Acrobat instructors Rick Borstein and Bryant Bell will cover common questions such as these:
The webinar is this coming Thursday from noon to 1 pm CST. To sign up or find out more about the program, click here.
Posted at 10:33 AM in Acrobat 8.0, Metadata, Security | Permalink | Comments (0) | TrackBack (0)
BoingBoing spreads the word that, buried deep in the Federation of American Scientists site, is the NSA's guide for "sanitizing" Word and PDF documents.
The guide provides detailed guides for redacting text and images, and handling metadata. It has lots of excellent information, and clearly illustrated instructions for scrubbing your documents.
Clicking this link downloads a 668K PDF.
~~ Dave
Posted at 07:31 AM in Security | Permalink | Comments (0) | TrackBack (49)
Yet another PDF metadata snafu -- this time by the White House! In this article by PDF Zone's Don Fluckinger, we learn that the 38-page Iraq policy document posted as a PDF shows a Duke PoliSci professor as the author. (Ouch!) This story joins last spring's military secret redaction debacle as an example of why it is important to have at least a basic understanding of your technology.
There are many potentially embarrassing or damaging things that you can include in a PDF. Clean up after yourself. As the old saying goes, "it is a poor workman that blames his tools."
~~ Dave
Posted at 10:24 PM in Security | Permalink | Comments (0) | TrackBack (35)
Link: vowe dot net :: If you close your eyes, you don't actually disappear.
Don't let this happen to you.
Last Friday an official report was released by the Pentagon and the American authorities claiming basically that the murder of the Italian secret agent Calipari in Baghdad was a consequence not of the American soldiers' mishandling of the situation but due to the wrong behaviour of the Italians and the car carrying the agent and the hostage on the way to the airport. The document was produced in Acrobat PDF format and most of the important information was hidden as confidential. The Italian government (the minister of foreign affairs) made a lot of noise as they disagreed with the conclusions and refused to sign the document. No names were released from the Americans and many important details wiped out from the above document.
This morning Gianluca Neri, an Italian blogger from Milano, had a look at the document which was published on the net and ridiculed the whole American secret services. With a simple cut and paste from the Acrobat document into a word processor, he was able to disclose all details to the public: names, places, the name of the soldier who fired, everything...
If you are going to redact documents, get a clue. There are a couple of things to remember here -- don't blow off understanding the structure of PDF because it's "technical;" and learn how to use your tools.
~~Dave
Posted at 10:29 AM in Security | Permalink | TrackBack (49)
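A pre-release check for the failure described in the post above, as an added example that is not part of the original post: it flags text that is still present in a page's content stream underneath a filled rectangle. The function name `covered_text`, the sample stream and the simplifications (an uncompressed stream, one absolute `Td` position per text block, no transformation matrices) are assumptions made for illustration.

```python
import re

# Constructed sample: an uncompressed page content stream in which one line
# of text is "redacted" only by painting a black rectangle over it.
SAMPLE_STREAM = b"""
BT /F1 12 Tf 72 700 Td (Report of the incident) Tj ET
BT /F1 12 Tf 72 680 Td (Sgt. EXAMPLE NAME fired the shots) Tj ET
0 0 0 rg
70 676 300 16 re f
BT /F1 12 Tf 72 660 Td (End of summary) Tj ET
"""

NUM = rb"(-?\d+(?:\.\d+)?)"
SEP = rb"\s+"
TEXT_BLOCK = re.compile(rb"\bBT\b(.*?)\bET\b", re.S)       # BT ... ET text object
TEXT_POS = re.compile(NUM + SEP + NUM + SEP + rb"Td\b")     # x y Td
TEXT_SHOW = re.compile(rb"\(((?:\\.|[^\\()])*)\)\s*Tj\b")   # (string) Tj
FILLED_RECT = re.compile(                                   # x y w h re f
    NUM + SEP + NUM + SEP + NUM + SEP + NUM + SEP + rb"re\s+[fF]\b")


def covered_text(stream: bytes) -> list[str]:
    """Return text strings whose origin lies inside a filled rectangle.

    Such text is invisible on screen but is still in the file, so it
    survives copy and paste or any text extraction.
    """
    rects = [tuple(float(v) for v in m.groups())
             for m in FILLED_RECT.finditer(stream)]
    findings = []
    for block in TEXT_BLOCK.finditer(stream):
        pos = TEXT_POS.search(block.group(1))
        if pos is None:
            continue  # simplified model: skip blocks without an absolute Td
        x, y = float(pos.group(1)), float(pos.group(2))
        if any(rx <= x <= rx + w and ry <= y <= ry + h
               for rx, ry, w, h in rects):
            findings.extend(t.decode("latin-1")
                            for t in TEXT_SHOW.findall(block.group(1)))
    return findings


if __name__ == "__main__":
    for text in covered_text(SAMPLE_STREAM):
        print("text still present under a filled rectangle:", text)
```

A clean result from this simplified check does not prove a document is safe to release; a proper redaction removes the text itself from the file rather than covering it.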
Following a recommendation from Dennis Kennedy, I went to the very nice site for Litigation Support Department Operations Manual. While the offering there looks extremely interesting, and I want to read it, I didn't download it -- because it's an executable file, (the name ends in .exe).
At the risk of coming off as a jerk, or worse, starting a "my platform is better than your platform" type of flame war, I offer my two cents:
If you are going to provide something to your clients (or prospective clients) via the Net, please, please, please don't make it a Windows executable file.
First, I accessed the site via my Mac. I can't run a Windows executable file. Although lawyers are overwhelmingly Windows users (like the rest of the planet), they're not *all* Windows users. I use and prefer Macs (although I am fastened to the PC ball & chain at the office).
Second, and more importantly, even if I were running Windows, I still wouldn't download that file. On my "federal" PC, I can't run random executable files that I download off the interweb. The network admin won't let me. This is a wise policy. (I don't even like to exchange MS Office documents with outside counsel, and metadata is just one of the reasons.) Executable files are programs that you run on your computer, and even if they are from a trusted source, they can cause real trouble.
If you are your own admin, think twice (thrice!) before taking the bait and running unknown programs -- even after you have run a virus scan on it. If you have a network admin that has the network set up so that users CAN download and run .exe files, walk to whatever space you confine him in and smack him upside the head. It's 2005! You just can't do that stuff anymore.
Finally, a pitch. If you want every person with computer access to be able to open your document, make it a PDF. If you want your manual to trigger spreadsheets, do calculations, hyperlink sources -- PDF can do it. It is a format that presents a much lower barrier to use, and considerably enhances the security of your offering. I'd love to talk to the folks who created the Litigation Support Manual, and see if we could come up with a way that I could really use their product.
-- Dave
Posted at 01:32 PM in Security | Permalink | Comments (3) | TrackBack (36)
One advantage that PDF documents have over other image files (i.e. TIFFs or JPGs) is the ability to secure the document. You can limit a user's ability to copy text from a PDF document, or even prevent a user from printing (which some people rightly complain about). But there are other, more significant, uses of document security that lawyers and judges should be aware of.
For example, you can secure a PDF file so that it can only be viewed if you know the document's password. Why would this be useful? Well, for starters, let's assume that you need to file something "under seal" and you are in a jurisdiction that only allows electronic filing. The way that electronic filing works in most jurisdictions that use it is that you simply upload the file or E-mail it in to the court, at which point the document is immediately available to everyone who wants to view it. Not good if you are filing something under seal, because the whole point is to limit access to the document.
With PDF's document security you can file a secure version of the document and then call the court to tell them the document's password. The password could then be distributed in a secure method to everyone who is supposed to have access to the document.
Let's use a concrete example: if you have version 5.0 or higher of Acrobat Reader you can click here to view a secure PDF document. You'll be prompted for the password, which is "password". Warning: if you have version 4.0 or lower then you won't be able to view it. This is one of the problems of security. Each version of Acrobat has an increasingly higher level of security (which is a good thing), which creates incompatibility problems. But the Acrobat Reader is free, so just download the latest version and you should be able to view the document.
Some people have even used the security of PDF to post their key information up to a website that they can access from anywhere. The sensitive information is available but not viewable unless you know the password. I'm not sure I would rely on this (because if you taunt a hacker you'll usually find that they can break security with enough effort and time). Nevertheless, PDF's document security can be a good thing if you use it in the right way.
Posted at 12:05 PM in Security | Permalink | Comments (2) | TrackBack (40)