I subscribe to Search Security at Tech Target and receive newsletters from them on a regular basis. It just so happens the one that I received Considering the number of different possible attack vectors this 28% is huge. The article goes through some very common sense tips for protecting
Deb Hale Long Lines, LLC |
Deborah 279 Posts ISC Handler Jun 9th 2010 |
Jun 9th 2010 1 decade ago |
One practice they didn't mention: Dump Adobe. For PDF reading, generation and editing there are some very good alternatives that are cheaper, less bloated and much more secure.
You'll miss out on some multimedia functionality from Adobe 9 that nobody is using but you'll be safer for it! (see Nuance PDF Reader or Acrophobia for just two examples) |
Anonymous |
Jun 9th 2010 1 decade ago |
The US-CERT Technical Cyber Security Alert TA10-159A has additional mitigations, such as: disable the display of PDF documents in the web browser, prevent I.E. from automatically opening PDF documents, and disable JavaScript in PDF.
See: US-CERT Technical Cyber Security Alert TA10-159A (http://www.us-cert.gov/cas/techalerts/TA10-159A.html)
Another good article for securing Adobe Reader suggests blocking multimedia in documents, blocking the launching of non-PDF attachments from inside a PDF, controlling plug-ins, restricting web sites in Trust Manager, and removing JavaScript execution privileges from menu items. See this article: 6 ways to protect your PC from rogue PDF files (http://www.techradar.com/news/internet/6-ways-to-protect-your-pc-from-rogue-pdf-files-592099) |
Anonymous |
Jun 9th 2010 1 decade ago |
Excellent article. Both disabling JavaScript in Adobe Reader and discouraging users from opening questionable attachments can go a long way to protect users. I am glad that Adobe is responding to security risks appropriately.
Paul Ciatto Consultant, Insource Technology "The postings on this site are my own and don't necessarily represent Insource's positions, strategies or opinions." |
Anonymous |
Jun 11th 2010 1 decade ago |
Thanks for your kind comments on my article, Deb. Something I have learned from my many years in information security is that the need for refreshers is pretty much constant.
Here's a good example: Back in 1998 I helped design and deliver online security training courses taken by over 10,000 employees. But yesterday I read that lax security at this very same company had led to the exposure of over 100,000 high-profile customer email addresses. Clearly, security know-how within any organization needs constant reinforcement. New employees are constantly entering the workforce and need information security awareness training appropriate to their roles, and what role in a company today does not require an employee to handle at least some information securely? Unfortunately, during tough times like those from which we are now--hopefully--emerging, training and awareness programs tend to be neglected or under-funded. That means the problem of under-trained and under-aware staff will likely get even worse in the coming year as businesses emerging from the recession take on more new staff. |
Anonymous |
Jun 15th 2010 1 decade ago |