CIS 442- Chapter 6

homuskratNetworking and Communications

Nov 20, 2013

Network Security

Internet Vulnerabilities


A network vulnerability is an inherent weakness in the design, implementation, or use of a hardware component or a software routine.

A vulnerability invites attacks and makes the network susceptible to threats.

A threat is anything that can disrupt the operation of the network. A threat can even be accidental or an act of nature, but threats are mostly intentional. A threat can damage the network, slow it down, or make it unavailable. Any type of rogue software represents a threat.

An attack is a specific approach employed to exploit a known vulnerability.

A passive attack is designed to monitor and record network activity in an attempt to collect information to be used later in an active attack.

Examples of passive attacks are packet sniffing and traffic analysis.

Passive attacks are difficult to detect.

An active attack tries to damage a network or its operation. Such attacks are easier to detect, but are also more damaging.

Port Scanning


When two programs on different computers exchange data, all the data packets sent between the programs have (among other specifications) the same port number.

Accessing a network opens a port and is similar to opening a door. This makes ports especially important for network security.

When data packets arrive at a computer from different sources, each stream of packets uses a port number.

A port is identified by a 16-bit integer and there can be up to 2^16 − 1 = 65,535 ports.

There are three classes of ports, well known (0 through 1023), registered (1024 through 49,151), and dynamic/private (49,152 through 65,535).

The well-known ports are assigned by [IANA port 04] and are normally used by operating system processes. Some examples are FTP (port 21), TELNET (port 23), SMTP (port 25), and HTTP (port 80).

Registered ports are typically used by user applications (as opposed to operating system processes) when they have to contact a server, but such ports can also identify named services that have been registered by a third party.

Dynamic/private ports are used by user applications, but their use is rare. Such ports do not have any meaning outside of any particular TCP connection.

A port scanner is a program that listens to data arriving at and departing from certain ports on a computer.

Port scanning has legitimate uses in managing networks, but is also used heavily by hackers to gather information that identifies open doors to the computer.

Information collected by port scanners is used to identify operating system utilities installed in the computer, and exploit known vulnerabilities in those utilities in order to break into the computer.

Port scanners are implemented by sophisticated hackers who make them available on the Internet.

In many cases, it is easy to detect the activity of a port scanner simply by checking the log files that are continuously updated by the operating system.

Once a port scanner is detected, its transmissions can be traced back to their origin and sometimes stopped. However, the mere activity of port scanning is not illegal.


Newer port scanners exploit a vulnerability associated with SYN packets and half-open connections. Those are much harder to detect, because half-open connections are often not logged by the operating system.

Examples of Port Scanners


Vanilla: The scanner attempts to connect to all I/O ports.

Strobe: A specialized scan looking only for certain services to exploit.

Fragmented packets: The scanner sends fragments of packets. Such fragments can sometimes get through certain packet filters in a firewall.

UDP: The scanner looks for open UDP ports.

Sweep: The scanner connects to the same port on several (even many) computers.

FTP bounce: The scanner goes through an FTP server (to appear legitimate).

Stealth scan: The scanner partly disables the log service of the operating system, so it (the operating system) can no longer record the scanner’s activities.


Nmap (Network Mapper) is a free open source utility for network exploration and security auditing. Among other checks, it looks for port scanners.
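The log check described under Port Scanning, applied to two of the scan patterns listed above (vanilla and sweep). This is an added example, not part of the original notes; the log layout, the thresholds and the addresses are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in a simplified firewall-log layout (an assumption for this
# example; real operating-system log formats differ).
SAMPLE_LOG = """\
10:00:01 SRC=203.0.113.5 DST=192.0.2.10 DPT=21
10:00:01 SRC=203.0.113.5 DST=192.0.2.10 DPT=22
10:00:02 SRC=203.0.113.5 DST=192.0.2.10 DPT=23
10:00:02 SRC=203.0.113.5 DST=192.0.2.10 DPT=25
10:00:03 SRC=203.0.113.5 DST=192.0.2.10 DPT=80
10:00:03 SRC=203.0.113.5 DST=192.0.2.10 DPT=110
10:05:10 SRC=198.51.100.7 DST=192.0.2.10 DPT=23
10:05:10 SRC=198.51.100.7 DST=192.0.2.11 DPT=23
10:05:11 SRC=198.51.100.7 DST=192.0.2.12 DPT=23
10:05:11 SRC=198.51.100.7 DST=192.0.2.13 DPT=23
10:07:30 SRC=192.0.2.50 DST=192.0.2.10 DPT=80
10:07:31 SRC=192.0.2.50 DST=192.0.2.10 DPT=443
10:07:32 kernel: unrelated message without address fields
"""

LINE_RE = re.compile(r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) DPT=(?P<dpt>\d+)")


def parse(log_text):
    """Yield (source, destination, port) for each connection record.

    Lines that do not match the layout, or that carry a port number outside
    the 16-bit range, are skipped.
    """
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m and 0 <= int(m["dpt"]) <= 65535:
            yield m["src"], m["dst"], int(m["dpt"])


def detect_scans(log_text, port_threshold=5, host_threshold=3):
    """Flag sources whose logged connections look like a vanilla scan or a sweep.

    vanilla: one source touches at least port_threshold distinct ports on one host.
    sweep:   one source touches the same port on at least host_threshold hosts.
    The thresholds are illustrative and ignore timing; a production detector
    would also bound the time window.
    """
    ports_per_pair = defaultdict(set)   # (source, destination) -> ports seen
    hosts_per_port = defaultdict(set)   # (source, port) -> destinations seen
    for src, dst, port in parse(log_text):
        ports_per_pair[(src, dst)].add(port)
        hosts_per_port[(src, port)].add(dst)

    findings = []
    for (src, dst), ports in ports_per_pair.items():
        if len(ports) >= port_threshold:
            findings.append(("vanilla", src, dst, len(ports)))
    for (src, port), hosts in hosts_per_port.items():
        if len(hosts) >= host_threshold:
            findings.append(("sweep", src, port, len(hosts)))
    return sorted(findings)


if __name__ == "__main__":
    for finding in detect_scans(SAMPLE_LOG):
        print(finding)
```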

Spoofs


The term spoof means to pretend to be someone else, to falsify one’s identity, or to cover tracks.

It is no wonder that various spoofing methods are used by hackers to gain access or to obtain information.

A computer may be protected from attack by restricting the IP addresses that may send it data.

A router may have a list of IP numbers and it allows only data from these numbers to enter the computer.

A hacker who has this list may spoof the router by sending data that appears to have come from a legitimate IP address. Someone who doesn’t have the list may discover an allowed IP number by sending the computer data packets with consecutive IP numbers until a packet gains entry to the computer.

Defending against spoofing


Filtering. If the computer is part of a local area network, the network has a range of IP addresses.

When data is sent outside a local network (uploading), the filter software at the router should block any source IP outside the range of the local network. This prevents someone in the local network from sending spoofed data outside the local network.

When data is received (download), the filter should block any packets with source IPs that are within the range of the local network.
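The two filtering rules above, written as a router-side check. This is an added example, not part of the original notes; the local range 192.0.2.0/24, the packet tuples and the function names are assumptions constructed for illustration.

```python
import ipaddress

# Assumed local range for the example (a documentation prefix, not from the notes).
LOCAL_NET = ipaddress.ip_network("192.0.2.0/24")

# Constructed packets: (direction, claimed source IP).
SAMPLE_PACKETS = [
    ("outbound", "192.0.2.14"),     # local host sending with its own address
    ("outbound", "198.51.100.9"),   # local host forging an outside source
    ("inbound", "203.0.113.77"),    # ordinary traffic from outside
    ("inbound", "192.0.2.14"),      # outside packet claiming a local source
    ("inbound", "not-an-address"),  # malformed source field
]


def check_packet(direction, src_text, local_net=LOCAL_NET):
    """Return (verdict, reason) for one packet crossing the router."""
    if direction not in ("inbound", "outbound"):
        raise ValueError(f"unknown direction: {direction!r}")
    try:
        src = ipaddress.ip_address(src_text)
    except ValueError:
        # A source that cannot be parsed can never be validated, so block it.
        return "block", "source is not a valid IP address"

    # An address of the other IP version is never inside the local range.
    is_local = src in local_net

    if direction == "outbound" and not is_local:
        # Upload rule: nothing may leave with a source outside the local range.
        return "block", "outbound packet with a source outside the local range"
    if direction == "inbound" and is_local:
        # Download rule: nothing arriving from outside may claim a local source.
        return "block", "inbound packet claiming a local source"
    return "pass", "source is consistent with direction"


def filter_all(packets, local_net=LOCAL_NET):
    """Apply check_packet to each packet; return (direction, source, verdict, reason)."""
    return [(d, s) + check_packet(d, s, local_net) for d, s in packets]


if __name__ == "__main__":
    for row in filter_all(SAMPLE_PACKETS):
        print(row)
```

The filter only checks that a source is plausible for the direction of travel; it cannot tell whether an outside address on the router's allow list is genuine, which is why the notes go on to encryption and authentication.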


Encryption and Authentication. There are Internet protocols that specify the details of data encryption and how to authenticate messages. While imperfect, such protocols may help to eliminate simple IP spoofing attacks.

Sequence number spoofing. The TCP protocol specifies the use of sequence numbers within data packets.

Each data byte has a sequence number, and the receiver must acknowledge the sequence number of the last contiguous byte it has received.

Sequence number spoofing is the case where a hacker can compute or guess the next set of sequence numbers in a data transmission.

The hacker can, in such a case, send false packets of data and they will be received with full trust by the client program in the receiving computer.

A good defense against this kind of attack is to encrypt the data. If the hacker doesn’t know the encryption key, any false data inserted will not decrypt properly and will therefore be useless to the owner (who can request a retransmission) as well as to the hacker (who can try to corrupt the next transmission).

Session hijacking


This type of attack occurs when a hacker gains privileged access to a network device, such as a router, that serves as a gateway between the server and client. The hacker can, in such a case, use IP spoofing to take over the entire session of data transmission and send any information, rogue programs, and corrupt data to the client’s computer.

An alternative is to use “blind” hijacking, where the hacker guesses the responses of the computers at B and C.

The hacker can, in such a case, send a command and cannot see the response, but can guess the response to many commands. A typical command is to set a password allowing access to B and C from somewhere else on the network.

DNS


A domain name server (DNS) is a computer used specifically for networking. It has a dictionary with IP addresses and the corresponding URLs.

When a computer wants to send data, it has to prepare packets with the IP address of the receiving computer.

The human user normally knows the URL (a meaningful string), so the sending application has to connect to the DNS first, send it the URL, and receive the corresponding IP address.

Only then can the application send data with the proper IP and TCP headers. This is why, when we want to browse a certain URL, the browser often displays the message “looking for . . . ” for a few seconds.

One threat related to DNS is man in the middle (MIM).

A hacker may register a domain name, such as aple.com, that is similar to an existing popular URL.

When a user mistypes aple instead of apple, the browser receives from the DNS computer the IP address of the hacker’s site, and connects to that site.

Now the hacker is in control. His site can display information similar to that displayed by the real site, while also sending its own malicious software.

The hacker can even retrieve from apple.com the web pages the user wants, then forward them, perhaps modified, to the user.

A common MIM attack involves denial-of-service (DoS) against a network node by flooding it with messages and so preventing it from responding to legitimate users and visitors.

This attack can be directed either against a server computer to force it to crash, or against the network connection to cause heavy packet loss.

DNS Poisoning


Another threat related to DNS is DNS poisoning. In the past, the most common DNS software was the Berkeley Internet name daemon (BIND).

Early versions of this software had weaknesses that made it easy for a hacker to modify the IP addresses associated with any URLs.

Once a hacker changes the IP associated with, say, apple.com, anyone trying to connect to that URL will be connected to the hacker’s site, with potentially disastrous results.

A well-known example of DNS poisoning is the defacing, in 2001, of the Web site of RSA Security.

The anonymous hijacker rerouted visitors from RSAsecurity.com to a fake site that looked like the RSA site but was different in significant ways.

Anyone who noticed the differences in the Web site assumed that RSA Security, an important developer of encryption techniques and products, had been compromised. In fact, only the DNS was attacked and corrupted.

Spam


Spam is unwanted, unsolicited email sent in bulk to many unwilling recipients.

Most of it is commercial advertising for doubtful products, get-rich-quick schemes, or quasi-legal or health services.

Spam is named after the 12-oz cans of spicy ham made by the Hormel company since 1937.

By itself, spam is a nuisance, not a security concern, but it can be exploited for a DoS attack. A central computer dedicated to sending and receiving email for a large organization can be attacked by sending its many users massive quantities of identical email messages.

This consumes valuable network bandwidth, it overloads the CPU, eats up disk space on the email server, and can cause it to crash (by overflowing some data structure) or freeze (by keeping the CPU permanently occupied with receiving, logging, sending, and forwarding the spam messages).

It may come as a surprise to many that most spam messages are sent from computers (mostly private personal computers on high-speed cable or DSL networks) that have been infected by special strains of viruses.

Such a virus hijacks the infected computer and turns it into a spam proxy (a special case of zombie).

A major spammer may at any time own such a botnet and control thousands of spam proxies that serve him obediently and send millions of spam messages anonymously.

The sobig virus (technically a worm, see year 2003 in Appendix C) was the first specimen of malicious software designed to create spam proxies, but similar viruses (mostly variants of the original sobig) are implemented and released all the time and manage to infect tens of thousands of computers worldwide every week.

The virus installs special software known as spamware that takes over the computer (essentially hijacking it) and handles the distribution of spam.

URLs such as Specialham.com and Spamforum.biz (both now defunct), which are hosted mostly in Russia and China (but also in Florida), may not look very useful or interesting to a casual visitor or even to security-conscious persons such as readers of this book, but are familiar and very useful to spammers.

These sites also carry advertisements for bullet-proof hosting (ISPs, most of them Chinese, that allow spam) and allow spammers to exchange news and information.

The news is mostly about steps taken by ISPs and lawmakers and enforcers in various countries to make the lives of spammers more difficult.

Much information is offered on ISPs and networks that close their eyes to spam in return for the high revenues obtained from spammers.

The Send-Safe program has a feature that speeds up the sending of spam and makes it harder to identify its source.

Spamhaus maintains a register of known spam operations (ROKSO) database with names, addresses, and much information on the top 200 spammers.

Why Spam is bad?

It is easy to send. All that a spammer needs is spam software and a fast Internet connection.

Many spam messages ask the user to click on a link to be removed from the mailing list.

Spammers tend to use computing resources illegally or even to steal them outright.

Spam is trash. We have all seen messages advertising worthless merchandise and deceptive or fraudulent services.

Avoiding Spam


As a simple precaution, try to uncheck all the prechecked boxes before you ask for more information or subscribe to a free service or newsletter.

A Web site that collects names and addresses has to have a privacy policy where it states whether it shares this information with other parties.

If a site does not display such a policy, or if it has no policy at all, avoid it. Naturally, the worst sites promise privacy and break this promise all the time.

It is also a good idea (practiced by this author) to leave immediately when you see the words “free gift.” These words are a sure sign of something wrong, because a gift, by its very nature, is free.

A similar scam to avoid is contests. Contests are very often used as bait to lure unsuspecting users to submit their names, physical addresses, telephone numbers, and email addresses.

Protecting emails


An important technique of collecting email addresses is harvesting them (some prefer the term scavenging) from the Whois database.

The spammer can simply try all the IP numbers in order, and examine each result automatically, by special software (that he can constantly tune up and improve), looking for strings that may be email addresses.

Spammers use spambots, software that crawls the Web, examining Web pages looking for email addresses, and harvesting them for future abuse or for sale.

An obvious (but alas, not ideal) protection is to obfuscate all email addresses in a Web page. Instead of writing an email address in your Web site in a form such as leopold.bloom@ulysses.name, it is better to have something like leopold bloom at ulysses dot name.

Anti Spam tools


There are commercial services that provide relief from spam for their members by blocking it. A typical spam-relief service maintains a list of approved senders and asks each of its members to provide their own list of approved senders.

The service “sits” between the member and the member’s mail server, and the member uses the same email software to send and receive messages.

However, the software connects to the service which, in turn, connects to the member’s email server. Messages whose senders are in the service’s list of approved senders (or in the individual member’s list) are let through to the member.

For any other messages, the service sends the sender a short challenge message, like the one of Figure 7.5, asking the sender to click (just once) on a certain link.

If the sender clicks on the link, he is added to the service’s list of approved senders. The idea is that a spammer would not be able or willing to respond to many challenges.

A simple technique to reduce spam is to open several alternate email addresses. When one gets flooded with spam, tell your correspondents to use another one.

There are several large companies, such as Yahoo and Hotmail, that provide free email addresses, but they are frequently targets of massive spam and various attacks.

A common sense idea is to avoid giving out your email address as much as possible.

If you have a Web site with your address, try to write it in the form john at abc dot com or a similar format. If you set up a message board or a discussion group, try to display just part of any email address.

Zombies


Certain types of malware are used to capture control of a computer and command it remotely. Such a captured machine is known as a zombie and a set of zombies is termed a botnet.

A botnet is an ideal means of hiding the identity of a perpetrator and security experts see more and bigger botnets all the time.

It is known that DoS attacks are often carried out after the attacker has gained control of many computers and turned them into zombies.

A targeted Web site is flooded with a vast number of meaningless messages sent by computers whose innocent users know nothing about the attack. The attack keeps legitimate users from using the site, causing inconvenience to users and monetary losses to the site’s owners. Such an attack is referred to as distributed denial of service (DDoS).

Zombies are also used by spammers to hide their identities. A spammer who controls a zombie computer sends this slave a (normally stolen) list of email addresses and instructs it to send a message (or several messages) hawking useless merchandise, fraudulent schemes, or unwanted services to all the addresses. Zombies are less destructive than viruses or other types of rogue software because they rarely damage data.

More Spam Advice


If you have your email program set to preview messages (i.e., to show you the contents of the message in a window below the list of email), the spammer may be able to verify that the email has been received.

If you click on a link to unsubscribe from a mailing list, you have confirmed to the spammer that your email address is active. The spammer can then sell your address to others.

Spammers can include a “web bug” in an email. This is a link that connects to the spammer’s Web site as soon as the email is read or previewed.

If you want to avoid letting spammers know that their mail got through, follow the advice given here.

Avoiding Spams


Use anti-spam software, update and run it regularly. This software can significantly reduce unwanted email, especially if it is programmed to receive feedback from the user/reader and employ it to learn (from the subject line or sender’s address) which messages are spam.

Never buy anything advertised by unsolicited email because this only encourages future spam.

If the sender’s name sounds unfamiliar, delete the email without any hesitation. Most spam is just a nuisance, but often it includes viruses and other nasty software.

Never respond to spam messages or click on any links in them. Replying to spam (even to unsubscribe from it) confirms to the spammer that your email address is a valid one, thereby encouraging more spam.

Opt out of any further information or free or attractive offers. When you fill out forms on the Web, uncheck any checkboxes that offer further information or offers.

Don’t use the preview mode in your email viewer. (Spammers can verify that a message has been previewed, even if it hasn’t been opened, because the preview effectively opens the email.) Knowing that you have read their messages encourages the spammers.

Try to decide whether an email message is spam based only on the subject line and sender’s name and address. Use the bcc field if you email many people at once.

The bcc (blind carbon copy) field hides the list of recipients from any individual recipient. If you include the addresses in the To field, spammers may harvest them and add them to mailing lists.

Restrict the use of your email address on the Internet. Don’t publish it on Web sites, newsgroup lists or other online public forums.

Spammers have software that crawls the internet to find addresses in such places, harvest them, and add them to mailing lists.

Give your main address only to those you trust (and even then be ready for your address to be discovered and abused by spammers).

Always have several secondary email addresses ready. (Those are easy to open at sites such as Yahoo, Gmail, and emailaddresses.com.) When you fill out Web registration forms or surveys on sites with which you don’t want further contact, use a secondary email address.

Denial of Service


Many Internet attacks try to obtain private data or to damage data.

In contrast, a denial-of-service attack aims to shut down an entire network, a single server, or a particular Web site. The attack tries to prevent legitimate users of a service from using that service.

This can be done by one of the following methods:

Flood a network with traffic. This makes it hard or impossible for legitimate users to send or receive data.

Disrupt connections between two computers. This prevents remote access to the machines.

Attempt to prevent a particular user from accessing a service.

Disrupt or prevent network access to a particular computer or network. A hacker may open an account at an ftp site, then store data and retrieve it repeatedly, thereby consuming disk space and monopolizing network services at the site.

DOS types


There are three types of denial-of-service, (1) consumption of scarce or nonrenewable resources, (2) destruction or alteration of network information, and (3) physical destruction or alteration of network components.

The first type, consumption of scarce resources, relies on the fact that computers and networks need resources such as electrical power, CPU time, memory space, disk space, and network connections.

The easiest resource for a hacker to consume is network connectivity. It is possible to tie up the network connections of a computer, such that it waits for some data that never arrives, so it remains hung up.

All that the hacker has to do is start opening a connection to a network server but never complete this process. The victim server has reserved a port and a data structure for the connection, but the port remains half open. The hacker (or a group of coordinated attackers) can very quickly tie up all the available ports of a server.

In the meantime, other users, legitimate or not, who try to establish connections are denied access. Such an attack is called a SYN flood. Even someone with only a slow computer and slow modem can stop a large server very quickly. Here is a detailed description of this threat.
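A server-side model of the half-open connection table described above, showing how a full table refuses a legitimate client and how a monitor can name the source holding the slots. This is an added example, not part of the original notes; the event tuples, the table capacity and the expiry timeout (a mitigation the notes do not discuss) are assumptions constructed for illustration.

```python
from collections import Counter

# Constructed event stream as the server sees it: (time, source, source port, flag).
# "SYN" starts a connection; "ACK" is the final step that completes it.
SAMPLE_EVENTS = [
    (0, "192.0.2.20", 5000, "SYN"),
    (1, "192.0.2.20", 5000, "ACK"),    # completes normally, slot is released
    (2, "203.0.113.9", 4001, "SYN"),   # the next four are never completed
    (3, "203.0.113.9", 4002, "SYN"),
    (4, "203.0.113.9", 4003, "SYN"),
    (5, "203.0.113.9", 4004, "SYN"),
    (6, "192.0.2.21", 5001, "SYN"),    # legitimate client arriving afterwards
    (7, "192.0.2.21", 5001, "ACK"),
]


def track_half_open(events, capacity=4, timeout=None):
    """Replay events against a fixed-size table of half-open connections.

    Returns (half_open, refused): the entries still waiting for completion,
    and the connection attempts turned away because the table was full.
    With timeout set, entries older than that many time units are expired
    before each event is handled (an assumed mitigation).
    """
    half_open = {}   # (source, source port) -> time the SYN arrived
    refused = []
    for now, src, sport, flag in events:
        if timeout is not None:
            stale = [k for k, t0 in half_open.items() if now - t0 >= timeout]
            for key in stale:
                del half_open[key]
        key = (src, sport)
        if flag == "SYN":
            if key in half_open:
                continue                  # retransmitted SYN, slot already held
            if len(half_open) >= capacity:
                refused.append(key)       # table full: the newcomer is denied
            else:
                half_open[key] = now
        elif flag == "ACK":
            half_open.pop(key, None)      # connection completed, free the slot
    return half_open, refused


def suspects(half_open, min_entries=3):
    """Sources holding at least min_entries half-open slots, busiest first."""
    counts = Counter(src for src, _ in half_open)
    return [src for src, n in counts.most_common() if n >= min_entries]


if __name__ == "__main__":
    table, refused = track_half_open(SAMPLE_EVENTS)
    print("refused:", refused, "suspects:", suspects(table))
    table, refused = track_half_open(SAMPLE_EVENTS, timeout=3)
    print("with expiry -> refused:", refused, "left:", table)
```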

Ping and ICMP


Those are commands that were originally developed for testing connectivity in networks.

The original ping program was written as part of UNIX by Mike Muuss and generated so much interest that the ping concept became part of the Internet protocol.

If your operating system is experiencing frequent crashes with no apparent cause, it could be the result of this type of attack.

The obvious defense against the ping of death is to patch the low-level routine that sends data packets to never send large packets, and patch the routine that receives packets to ignore packets that are too large.

In practice, this should be done by the makers of the operating system and issued as a security patch.

The second type of DoS threat involves destruction or alteration of network information. An attacker may be able to change the IP number of a victim’s personal computer, change the registration of the operating system, or change prerecorded telephone numbers used by the modem to call outside servers.

The third type of DoS threat involves physical destruction or alteration of network components. This can be done by an intruder physically appearing in a computer center and disabling, breaking, or disconnecting cables and other hardware devices. A hacker may also climb a utility pole and disconnect telephone lines or television cables, thereby disrupting service to users in the neighborhood.


Firewalls


A firewall is a combination of software and hardware that decides what kinds of requests and what specific data packets can pass to and from a computer or a local network.

A firewall for a personal computer is normally fully implemented by software, whereas a small network of computers often found in a home (typically consisting of 2–3 computers and a printer) may use a hardware firewall that’s built into the network’s router.

The main task of a firewall is to block certain requests for data transfer, and the firewall makes these decisions based on rules. A firewall starts with some built-in (default) rules, and its user/owner can add, delete, and modify rules.

We can say that a firewall enforces an access policy through the rules, and a rule tells the firewall what properties of a data packet to examine and how to decide whether to let the packet through or not.

Firewalls tasks


A typical firewall performs the following tasks:

(1) limit incoming data, so that data coming from certain senders (or that has certain properties) will be blocked,

(2) limit outgoing data, so a program will not be able to send data outside (to call home) without the owner’s knowledge,

(3) generate and save a log of all its activities, especially on data packets it has blocked, and

(4) do all this fast and be transparent to the user.

A firewall rule specifies a set of conditions and what action to take when a condition occurs.

A complex rule can check several conditions, while a simple rule is limited to just one condition. Rules can also be hierarchical.

In such a case, each rule is simple and checks one condition, but a rule can have several child rules, each checking one condition. This way, each rule is simple, but the overall performance can be complex.

Examples of actions are “delete,” to delete a data packet, “pass,” to let it through (into or out of the computer), “drop,” to drop the connection (in case of a DoS attack that tries to hang up the connection), and “log,” to log the data packet and then apply the next rule to it. (For incoming data packets, the “drop” action sends a TCP RESET command to the sender, while for an outgoing packet the same action sends a small TCP FIN packet.)
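A small evaluator for the hierarchical rules and the four actions described above. This is an added example, not part of the original notes and not any product's rule syntax; the Rule class, the packet fields, the sample rule set and the default-delete policy are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

TERMINAL = {"pass", "delete", "drop"}   # actions that end evaluation


@dataclass
class Rule:
    name: str
    key: str            # the one packet property this rule examines
    values: object      # container of values that satisfy the condition
    action: str = ""    # "pass", "delete", "drop", "log", or "" (children decide)
    children: list = field(default_factory=list)


def evaluate(rules, packet, log):
    """Return the first terminal action reached, or None if no rule decides."""
    for rule in rules:
        if packet.get(rule.key) not in rule.values:
            continue                       # condition not met, try the next rule
        if rule.action == "log":
            log.append(rule.name)          # record, then keep going
        verdict = evaluate(rule.children, packet, log)
        if verdict:
            return verdict                 # a child rule decided
        if rule.action in TERMINAL:
            return rule.action             # no child decided; parent's action applies
    return None


def decide(rules, packet, default="delete"):
    """Return (action, names of log rules that fired) for one packet."""
    log = []
    return evaluate(rules, packet, log) or default, log


# Constructed rule set: every rule checks a single condition, and the
# "inbound" and "outbound" rules get their complexity from child rules.
RULES = [
    Rule("log-telnet", "dport", {23}, "log"),
    Rule("inbound", "direction", {"in"}, "delete", [
        Rule("flood-source", "src", {"203.0.113.9"}, "drop"),
        Rule("telnet", "dport", {23}, "delete"),
        Rule("web", "dport", {80, 443}, "pass"),
    ]),
    Rule("outbound", "direction", {"out"}, "delete", [
        Rule("known-apps", "app", {"browser", "mail"}, "pass"),
    ]),
]

if __name__ == "__main__":
    samples = [
        {"direction": "in", "src": "198.51.100.4", "dport": 80},
        {"direction": "in", "src": "198.51.100.4", "dport": 23},
        {"direction": "in", "src": "203.0.113.9", "dport": 80},
        {"direction": "out", "app": "updater", "dport": 443},
    ]
    for packet in samples:
        print(packet, "->", decide(RULES, packet))
```

The last sample is the "call home" case from task (2): an outbound packet from a program that is not on the known list matches no child rule, so the parent's "delete" applies.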


The two main components of a firewall are the gate and the choke (there can be several such pairs in a large firewall).

The gate transfers or blocks the data and the choke is the filter that decides which data to block.

Those familiar with firewalls like to compare the gate to a security checkpoint and the choke to a security guard.

Firewall extra tasks


A modern firewall may also include rules for checking the data of a data packet, not just the fields of its header. This useful feature is referred to as content filtering.

Another advanced task is to limit the amount of data (the bandwidth) allocated to certain users or to certain applications. This way, a firewall can help in bandwidth management.

Bandwidth accounting is another important task performed by modern firewalls. The owner/operator of a local network needs to know how the network is used over time.

Another important picture that a good firewall can paint is the pattern of connection logging.

Router attacks


A router is an important component of a computer network, even a small network used in a home.

Even if there is only one computer, a router is still useful.

Perhaps the simplest attack on a router is to change the DNS server it uses. Every time the computer user wants to connect to the Internet, the URL typed by the user has to be translated to an IP address.

There are many DNS servers that maintain lists of pairs (URL, IP), and they supply the needed IP addresses. Sending the router to a malicious DNS server can be the key to a whole slew of other attacks.

A more complex threat is posed if someone can modify the programs that run the router. Those programs are firmware and router makers issue firmware updates from time to time. Imagine someone slipping malware into a new firmware update issued by the router manufacturer and made available in its website, waiting to be downloaded by router owners.

Once a router is updated, the malware in it can send its controller copies of any data sent and received by the computer. It can even send executable code to all the devices attached to the router, all without the router owner’s knowledge.

Even more dangerous exploits are possible, but they may require some “help” from the user. Both hackers and security researchers have proved that a router can be attacked and compromised if the user can be enticed to click on a bad link or if the user neglects to change the router’s password from the default (usually admin).

Router usage advice

Reset the router (even a brand new one) to its factory state.

Update the router with the latest firmware available in the manufacturer’s website.

Change the default password to a new, secure one.

The router may have features to support devices that you don’t have. Turn those features off.

Turn off all features that allow the device to be administered from anything other than the device(s) plugged directly into the router.

The URL-shortening threat

The Internet is big. There are many sites and even more files. Each file on the Internet (as also on a computer) must have a unique name, which is why many URLs are long. Special URL-shortening services exist to alleviate this problem.

Examples are tinyurl.com, bit.ly, and is.gd. These services are useful but they also pose a security threat. Someone sends you a short URL that should take you to an interesting site whose URL is long. Instead, the short URL takes you to an infected website.

PDF JBIG2 flaw

In 1993, Adobe introduced the portable document format (PDF), a file format for documents. The format is independent of the application software, hardware, and operating system used to create or view the document.

A PDF file includes a complete description of the document including text, fonts, illustrations (images in vector graphics format), and bitmaps. Each type of data in the file is compressed with an algorithm designed specifically for that type. Together with the format specification, Adobe also released appropriate software that it collectively named “Acrobat.”

Adobe Acrobat is a family of computer programs designed to view, create, manipulate, and manage PDF files. Most of the programs in this family are commercial, but Adobe Reader (for viewing and printing of PDF files) is free and can be downloaded from Adobe’s web site.

The Acrobat family and especially the Reader are widely used to present and exchange platform independent documents.

Flash weakness


Adobe Flash is a popular multimedia application for adding animation and interactivity to Web pages.

Originally designed and implemented in 1996 by Jonathan Gay who called it SmartSketch, the program was acquired by Macromedia in the same year and its name changed to Flash.

Since 2007, it has been developed and distributed by Adobe Systems.

Flash is commonly used to create animation, advertisements, and other videos that are included in Web pages. In July 2009, a weakness (that became known as a zero-day vulnerability) was discovered in Flash player versions 9 and 10 by an anonymous hacker.