Return to News and Events
PDFs are safe, right? Not anymore
Tuesday, July 20, 2010
DocuCrunch
PDFs are safe, right? Not anymore
There's something about PDF files that makes users think they're safe to open. And that's exactly why they've become one of the preferred malware delivery vehicles for hackers.
That's the warning from Appligent Software CEO Duff Johnson, one of the experts on the file format and document management.
The worst thing is that most users and IT staff treat PDF files as somehow different from other files. Although they're the most commonly used format for archiving and file sharing, PDF files are as capable of being corrupted with malware as damaging as found in the most pernicious spam or corrupt Office file.
This didn't use to be the case, notes Johnson, but over the last few years, hackers have turned their attention to this widely used and seemingly safe format. He links to an IBM Threat Report that documents this growing problem.
According to some research, PDFs represent the biggest malware threat companies face right now. For example, a report by security firm ScanSafe found that in the fourth quarter of 2009, 80% of all exploits targeted flaws in Adobe's PDF software. At the time, those flaws were getting a lot of attention, leading hackers to put more effort into exploiting them.
And earlier this year, we reported on another attack that didn't make use of a security bug, but rather exploited PDF documents' ability to run embedded executable files.
PDF attacks usually occur when users are tricked into opening a file, often one that uses embedded JavaScript or Flash content that interacts with a remote server.
Key steps for companies:
- IT departments have to get up to speed on the latest PDF threats, just as they keep current on e-mail threats.
- End users should learn to treat PDF files the same as any file — don't open it if you are unsure of its origin.
- Update PostScript viewing software (generally Adobe Viewer) as soon as it is released — Adobe is constantly working on responding to the latest threats.
- Considering using alternative PDF viewers that are less common than Adobe, and therefore may be less susceptible to attacks.
- You may want to consider disabling Flash and JavaScript in your PDF readers. At least one major company surveyed said that they only permit JavaScript as an exception.
Return to In The News
How to use a PDF redaction tool with a redacted document policy
Monday, July 19, 2010
SearchSecurity.com
How to use a PDF redaction tool with a redacted document policy
by Michael Cobb
EXCERPT:
Releasing electronic documents without properly preparing them can cause serious breaches in data security. It's an obvious yet common way for sensitive data to leak out of an enterprise.
"There are third-party redaction products available as an alternative to upgrading to a Pro version of Adobe. Appligent Document Solutions was the first company to provide redaction tools for PDF documents with the release of the Redax plug-in for Adobe Acrobat "
Redaction helps to protect intellectual property, as well as information considered to be sensitive or private, and is an important security process for any organisation that handles classified, sensitive or private information. Redacting poorly can be costly.
Read the full article on SearchSecurity.com's website.
Return to In The News
ECM Industry Award for Appligent Document Solutions CEO
Wednesday, April 21, 2010
Appligent Document Solutions CEO Duff Johnson was awarded AIIM's Distinguished Service Award for his dedication to the industry and his work on developing PDF international standards.
The award was given during the April 20th awards dinner at the annual AIIM Expo and Conference, this year, held in Philadelphia.
Duff Johnson has served as vice-chair of the US Committee for PDF/Reference since 2007 and as chair of the US Committee for PDF/UA since 2005.
View the full list of recipients since 1963.
Read AIIM's press-release.
Return to In The News
PDF document management firms ADS and callas form strategic sales alliance
Tuesday, December 15, 2009
Publication: Document Management News
PDF electronic document management firms Appligent Document Solutions (ADS) and callas software have formed a strategic alliance to jointly market each other's systems to firms.
ADS specialises in PDF-specific server management applications for forms, stamping, appending, encryption and digital signatures, and callas software develops PDF technology for publishing, print production, document exchange and document archiving.
ADS CEO Duff Johnson said, “Callas' deep experience with quality assurance for PDF files in the print industry positioned them as the leading PDF/A solutions provider, while our focus has always been business document management. This alliance will allow us to present callas's expertise alongside our own, a combination that we believe will be extremely powerful.”
Callas' main sales channels are in Europe and ADS' are mainly in North America, so the cross-marketing alliance is neatly suited to both firms.
The two companies will pursue a number of activities, including a joint effort designed to expand awareness and adoption of ISO 19005, the PDF/A conformance standard for archiving PDF documents. More details on the activities of the pair will be announced in the new year, they said.
Return to In The News
Redaction makes the news again - this time it's the TSA
Thursday, December 10, 2009
The PDF redaction problem: TSA may have been using old software
Publication: Beta News
"The problem with the release of a Transportation Security Administration security screening manual was not, as many news outlets reported yesterday, the fact that it appeared "out there on the Internet." As US Homeland Security Secretary Janet Napolitano told reporters this morning, according to the Washington Post, the TSA manual was supposed to have been posted on the Internet -- it was part of a cache of documents intentionally posted to a government procurement Web site..."
"... The real problem is that the portions of the PDF document that were supposed to have been redacted -- or removed from the file and replaced with blackouts -- were not actually removed..."
"...Acrobat Professional 8 was the first version of Adobe's software to contain its own built-in tools for true redaction. Until then, Adobe directed customers to an add-on product that is still on the market, manufactured by Appligent, called Redax...."
"... Borstein went on to recommend that customers invest in Appligent's Redax tool...."
"...Again, Adobe recommended Appligent's Redax tool for securely redacting text through Acrobat, especially when the source material is unavailable...."
Read the complete article.
Return to In The News
