17th > December > 2011 Archive
Adobe has released updates for its Reader and Acrobat applications that fix two vulnerabilities that attackers were exploiting to seize control of Windows-based machines. Version 9.4.7 of the programs fix two memory-corruption bugs that Adobe says are “being actively exploited in limited, targeted attacks in the wild” against machines running Windows. The same bugs are present in Mac and Unix versions of the applications, but there are no reports of machines running them being exploited. The bugs are also present in Reader X for Windows, but a security sandbox, which Adobe added last year to minimize the damage that results from code flaws, prevents the attacks from working.
A consortium of companies has published a set of security practices they want all web authentication authorities to follow for their secure sockets layer certificates to be trusted by browsers and other software. The baseline requirements (PDF), published this week by the Certification Authority/Browser Forum, are designed to prevent security breaches that compromise the tangled web of trust that forms the underpinning of the SSL certificate system. Its release follows years of mismanagement by individual certificate authorities permitted to issue credentials that are trusted by web browsers. Most notable is this year's breach of DigiNotar, which led to the issuance of a fraudulent certificate used to snoop on 300,000 Gmail users in Iran.
Product Round-upProduct Round-up There’s only really one choice of technology for printing photos well and economically. Inkjet printers produce better quality photos than traditional silver halide, one of the reasons digital photography has superseded it.