Processing .....please wait.. 
The article has been forwarded.... 
Adobe is hackers' favorite target: Arkin
By siliconindia
|
Tuesday, 08 June 2010, 00:00 IST
Bangalore: Some Adobe software, especially the free Adobe Reader PDF viewer and the also-free Flash media player, are not only in the security spotlight but also in hackers' cross hairs, reports Gregg Keizer of The Computerworld.
According to Finnish antivirus company F-Secure, 61 percent of all targeted attacks ones purposefully aimed at specific individuals or businesses to break into company networks. In the first two months of 2010 exploited a bug in Reader. Rival security firm McAfee, meanwhile, estimated that 28 percent of all exploit-carrying malware in the first quarter of this year leveraged a Reader vulnerability.
"We're in the security spotlight right now, there's no denying that the security community is really focused on ubiquitous third-party products like ours. We're cross-platform, on all these different kinds of devices, so yes, we're in the spotlight," said Brad Arkin, Adobe's director for product security and privacy, in an interview.
May not be happy that his company's software has become popular with the wrong crowd -- hackers, identity and information thieves, and other cybercriminals -- but he sees a silver lining.
"We're thrilled when someone shares information with us responsibly," he said, referring to bug reports submitted privately, thus giving a vendor time to patch the problem before news about it is released publicly. "That's one less potential vulnerability that could be used by the bad guys."
Adobe is doing more than waiting for bug reports, said Arkin, who pointed to the security moves the company has made in the past year. Among those changes: an increased emphasis throughout the company on writing more-secure code, an improved update tool for Adobe Reader, faster response to zero-day vulnerability disclosures, and some new -- and upcoming -- security features within Reader.
Adobe now develops code under what it calls its Secure Product Lifecycle (SPLC), an approach similar to Microsoft's much-better-known Software Development Lifecycle (SDL), which involves several security-specific steps that programmers go through to make their software less likely to harbor bugs.
