ARTL: upgrade now for security
Registers of Scotland (RoS) have advised of a security issue identified in relation to Adobe Acrobat Reader 7, the software initially intended to support the digital signature capability for ARTL.
It has been learned that in version 7.0.9 of Adobe Acrobat Reader 7 (a bug was also found in the previous version 7.0.7), when the ARTL smartcard is left in the card reader after the user’s PIN number has been entered and the digital signature applied, the software remains functional in the background – retaining the user’s PIN – until the internet browser is closed down or the user removes the smartcard from the card reader.
This could result in a digital signature being applied unlawfully, without the knowledge of the ARTL user, if the user’s computer is left unattended and unlocked with the smartcard still in the reader.
ARTL users who have version 7.0.9 installed must remove their smartcards straight after digitally signing electronic documents, to prevent any security vulnerability arising. (Policy documents concerning smartcard usage, to be published soon by RoS, will require this.) It is also good practice to lock computers whenever they are left unattended.
In late 2006, version 8 of Adobe Reader was released. Available as a free download from the Adobe website, this provides improved security and RoS now recommends version 8 for use with ARTL.
In version 8, after an ARTL user has digitally signed and submitted an electronic document, the Adobe software automatically shuts down after a short time (about 30 seconds).
While the user using Adobe version 8 should still remove the smartcard from the card reader after a signing event, because that is always best practice from a security standpoint, the potential for misuse of the smartcard is drastically reduced as the Adobe software quickly shuts down and no longer retains the user’s PIN.
Having taken advice from Adobe, both RoS and their IT partner BT plc recommend that ARTL users upgrade their Adobe Reader software to version 8 if their operating system allows them to do so. They should check that upgrading will not have any adverse impact on any other applications in their office systems that use Adobe Acrobat Reader.
Due to extended testing, it is now expected that most firms will not have access to the ARTL system until September.
In this issue
- Block fees: the story behind the changes
- Strategic advance
- Court plans with little appeal
- Under commission
- Two into one can go
- Ten years of labour
- Career v Family
- Monitor - at your own risk
- Raising the standard
- Society shapes the changes
- Society shapes the changes (1)
- Money laundering to change again
- Border and Immigration Agency launches
- Dealing positively with client concerns
- From the Brussels office
- Winning ways
- Toothless against spam?
- Risk reinvented
- Technical but essential
- Pension sharing tips on divorce
- In pursuit of simplicity
- In pursuit of simplicity (1)
- First in the class
- Scottish Solicitors' Discipline Tribunal
- Website reviews
- Book reviews
- On the road
- Access or excess?
- Alterations are no 2 problem
- ARTL: upgrade now for security
Additional
