Tag Archives: best practices

Nitro PDF Software Advises – PDF Security Blunders You Need To Know

If you’re a serious PDF user, then it’s almost a given that you’re familiar with Nitro PDF Software. Nitro PDF Software is a leading PDF software vendor, and the company behind Nitro PDF Professional. And, for those of us who love free software, Nitro PDF offers the award-winning free Nitro PDF Reader – you can read my take on Nitro PDF Reader here.

If you’re looking for a free PDF creator, Nitro PDF Software has you covered here as well, with its free application – PrimoPDF – which many (including me) consider to be the best free PDF creator available.

This past week, Nitro PDF Software published a list covering three major PDF security blunders, a recent public example of each, and additionally – the best practices computer users can take to ensure their own digital document security.

Security conscious users will find the following information especially useful.

From Nitro PDF Software (with permission):

Protection, Passwords, and Permissions to Safeguard Confidential Information

Problem & Example: In what might be the only example of a lax approach to document security resulting in the #1 spot on Amazon.com’s best seller list and a subsequent film deal, first-time author Adam Mansbach’s self-proclaimed “children’s book for adults”, Go the #### to Sleep, enjoyed unexpectedly positive consequences when a bootlegged PDF became a viral success story, according to Fast Company.

It’s fair to assume Adam is less than upset right now, but – unfortunately for the rest of us – more common outcomes for similar incidents tend to involve phrases like “identity theft” and “job dismissal.”

Solution: There are a number of ways to mitigate the risks inherent in electronic distribution, the simplest being password protection – an effective way to reduce the chances of someone other than the intended recipient being able to view the document. Always provide the password separately from the document itself – ideally over the phone or in person – and try to think of something more challenging to guess than “password.”

Did you know you can also set permissions with PDF files? This enables you to specify what a user can actually do with your document. File permissions are an effective way to prevent manipulation or unauthorized sharing – allow or deny big-ticket items like printing or editing, and even block individual actions like copying text or images.

Flatten Documents to Maintain Authenticity and Prevent Manipulation

Problem & Example: The decision to release US President Barack Obama’s birth certificate only fanned the flames of debate when the PDF version made public contained a number of so-called “inconsistencies” – most visibly the presence of layered content, giving the impression the document had been digitally altered. A more realistic conclusion would be the use of optical character recognition (if the certificate had indeed been manipulated, it’s difficult to imagine such a rookie mistake would have been committed.) Read a full story at the National Review.

Solution: The majority of us will never be subject to this kind of public scrutiny, but there are best practices to follow when publishing final form documents that are relevant to almost anyone – layered content in PDF files often holds information relating to the text and images it displays, which often remains after the visual component has been deleted. “Live” text (such as form field data or annotations) is also more easily manipulated.

Certain industry bodies standardize and regulate document practices to safeguard against similar incidents – an example being the legal sector and its usage of the TIFF format, to preserve the integrity and authenticity of legally binding documents after publishing. Most desktop PDF solutions enable you to create image-based PDFs, ensuring that vector objects, text, annotations, and everything else that exists as an independent element is baked into the page as an image.

(Not) Deleting Confidential Information

Problem & Example: Whilst an effective way to redact (or permanently delete) information from physical paper, the “black marker” method happens to be rather ineffective with digital documents, as the British Navy discovered recently when they accidentally revealed information about the security of their nuclear submarines. IT security blog NakedSecurity explains it well, but the highly confidential document was “redacted” by applying a black background to the (black) text intended for removal, allowing anyone to simply copy and paste the text obscured by the black background.

Solution: As we mentioned before, PDF files have multiple layers – what looks like flat paper onscreen is three dimensional underneath. Redaction is a complex and powerful tool that (used properly) enables the complete removal of all content, and not just what you see rendered in front of you. You should never assume that simply deleting text or images guarantees complete removal, and anyone working with confidential documents should possess an understanding of their file structure and processes like redaction.
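The redaction failure described above can be checked for before a document is published. The following is an added example, not code from Nitro PDF Software or the original post: it scans a constructed, uncompressed page content stream and reports text that sits on a filled rectangle but is still present in the file. The function names and sample stream are hypothetical, and only simple `Td`/`Tj` and `re f` operators are handled.

```python
import re

# Constructed sample: one visible line, then a black filled rectangle with
# black text drawn on it (the "black marker" method applied to a PDF page).
CONTENT_STREAM = """
BT /F1 12 Tf 72 720 Td (Quarterly maintenance summary) Tj ET
0 0 0 rg
70 696 260 16 re f
BT /F1 12 Tf 72 700 Td (SAMPLE-SECRET: hull tolerance data) Tj ET
"""

NUM = r"(-?\d+(?:\.\d+)?)"
# "x y Td (string) Tj": move to position, then show a literal string.
TEXT_RE = re.compile(NUM + r"\s+" + NUM + r"\s+Td\s*\(((?:\\.|[^\\)])*)\)\s*Tj")
# "x y w h re f": append a rectangle to the path, then fill it.
RECT_RE = re.compile(r"\s+".join([NUM] * 4) + r"\s+re\s+f\b")


def text_runs(stream):
    """Return (x, y, text) for each simple text-showing sequence."""
    return [(float(x), float(y), s) for x, y, s in TEXT_RE.findall(stream)]


def filled_rects(stream):
    """Return (x, y, width, height) for each filled rectangle."""
    return [tuple(float(v) for v in m) for m in RECT_RE.findall(stream)]


def hidden_but_extractable(stream):
    """Text whose origin lies inside a filled rectangle yet is still stored."""
    rects = filled_rects(stream)
    return [text for x, y, text in text_runs(stream)
            if any(rx <= x <= rx + w and ry <= y <= ry + h
                   for rx, ry, w, h in rects)]


if __name__ == "__main__":
    for leaked in hidden_but_extractable(CONTENT_STREAM):
        print("Covered on screen but still in the file:", leaked)
```

A properly redacted page would return an empty list here, because the text operators themselves are gone rather than painted over.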

About Nitro PDF Software

Headquartered in San Francisco, Nitro PDF Software has operations spanning North America, Europe, Asia and Australia. Competitively priced, Nitro PDF Professional provides users full control over PDF documents, including commenting, form-filling and authoring, digital signatures, text editing, one-click creation from Microsoft Office and more. Nitro PDF Software products have won multiple “Editors’ Choice” and “Product of the Year” awards and are used by millions of people worldwide, including a significant number of Fortune 500 organizations.


Filed under Cyber Crime, Digital Media, Don't Get Hacked, downloads, Free PDF Software, Freeware, Multimedia Tools, Software, Software Trial Versions, Windows Tips and Tools

Cyber Shopping on Black Friday? Six Tips From PandaLabs To Keep You Safe

Cyber shopping on Black Friday can be very appealing – no lining up at midnight, no line ups at all, no risk of being trampled by unruly crowds, shop in your PJs if you like, “shopping around” and comparing prices is a snap, and the list of benefits goes on.

So, if you cyber shop, you may not face the risk of being trampled to death by an unruly crowd, or being shot to death by an angry shopper – both tragedies actually did happen on Black Friday, November 28, 2008. But, you will face substantial cyber security risks.

Staying safe while you cyber shop requires that you be much more wary, and that you understand that cyber crooks salivate at the opportunities Black Friday cyber shopping creates for exploiting the unwary and careless consumer.

Cyber shopping safely requires that you follow well established best practices that have proven to substantially reduce the risk of being victimized.

PandaLabs suggests holiday shoppers adhere to the following best practices this Friday and Monday, and throughout the holiday shopping season:

Avoid using search engines for locating special holiday deals. Criminals commonly turn to Blackhat SEO, which involves maliciously using search engine optimization around hot keywords to poison search engine results. Instead of using a search engine, go directly to reputable sites that you are familiar with. Screenshots of a recent malicious Black Friday search result are available here.

Don’t click on embedded links in advertisement e-mails. E-mails that appear to be advertisements from legitimate vendors could be a well-disguised scam or malware attack. Chances are you’ll be able to find the same deal by going directly to the website in your favorite web browser.

Install all available operating system updates and patches. Cyber criminals are particularly skilled at exploiting critical vulnerabilities in operating systems and commonly used applications. Computer users are often silently redirected to a website with a carefully crafted malicious payload that leaves the computer infected with data-stealing malware or extortion-based threats. In addition to updating your system, PandaLabs strongly advises people to update Adobe Flash, Adobe Reader, and Java software, which are all commonly targeted by cyber criminals.

Don’t underestimate criminals. Cyber criminals have no limits, and will create fake advertisements, shopping carts, poison various search terms and more in order to infect your computer and steal your personal data. If you’re unsure if a site is legitimate, run a search online to see if you can determine whether it’s widely known. If you can’t find details on a retailer, PandaLabs advises holiday shoppers to take their business elsewhere.

Only purchase from sites that offer secure browsing (SSL/https). You can tell if a site uses SSL/https if there is a padlock icon on the bottom corner or in the address bar of your browser. Some browsers like Internet Explorer and Chrome turn the address bar green to indicate that the site is secure. Even if a site uses SSL/https, remember that SSL only works to create a secure Internet tunnel between you and the e-commerce server. You can still transmit sensitive data over to cyber criminals, so it’s best to run frequent anti-malware scans.

Always use updated anti-malware protection. Despite growing awareness of today’s Web-borne threats, many people still don’t use even a basic anti-virus solution and leave themselves vulnerable to infections, data loss and identity theft. You can download Panda Security’s award-winning Panda Cloud Antivirus software, which is completely free, here.

About PandaLabs:

Since 1990, PandaLabs, the malware research division of Panda Security, has led the industry in detecting, classifying and protecting consumers and businesses against new cyber threats.

At the core of the operation is Collective Intelligence, a proprietary system that provides real-time protection by harnessing Panda’s community of users to automatically detect, analyze, classify and disinfect more than 63,000 new malware samples daily.

The automated classification is complemented by a highly specialized global team of threat analysts, each focused on a specific type of malware, such as viruses, Trojans, worms, spyware and other exploits, to ensure around-the-clock protection.

Learn more about PandaLabs and subscribe to the PandaLabs blog here. Follow Panda on Twitter and Facebook.


Filed under Cyber Shopping Tips, cybercrime, Don't Get Scammed, Don't Get Hacked, Internet Security Alerts, Panda Security, PandaLabs, Safe Online Shopping Tips