To say 2011 was a successful year would be an understatement. With impressive sales of new solutions like WebForms and SignHere, and the continued success of our award-winning WebDocs, we hired several new employees to help with development and implementation. We are also expanding our office space in the upcoming months as well. The future is definitely bright for RJS.

But what does the future have in store for our customers? In 2012, we have several exciting developments already underway.

RJS in the cloud
This might surprise you, but we’ve been offering cloud-based services for nearly a decade! RJS currently supports both WebDocs and WebForms in a hosted model. As 2012 progresses, we look forward to adding additional RJS software products to our cloud line and are excited to assist current customers who are looking to shift their document management strategy from on-premise to the cloud.

Expansion of WebForms
One of our most exciting information capture products is WebForms. Not only has WebForms become a core component to our quote-to-fulfillment and accounts payable solutions, the product is a true differentiator in the document management marketplace. Our web-based forms allow users to collect form, survey and other document data electronically and save that information to any database, ERP or ECM system like WebDocs.

SignHere’s continued growth
Our digital signature capture solution has been a huge hit since its introduction in 2010 and has particularly caught fire in the lodging and gaming industry. With many casinos and hotels looking to automate check-in, SignHere is an ideal fit in a market plagued by an immense paper trail. Not only is SignHere a legal alternative to pen and paper, it also provides strict security capabilities.

Additional mobile functionality
Many of our products can already be utilized with any mobile or tablet device, but we are now diving into apps that will mobile-enable our product suite. We are currently exploring ways to make iSeries and Windows data readily available at your fingertips and are in development of SignHere and WebForms enhancements that will allow stylus or finger signature capture directly on your mobile device.

Single sign-on
Starting this January, we will begin offering single sign-on to iSeries customers with multiple RJS solutions. Single sign-on allows users to provide one password to utilize all RJS software products, eliminating the problem of remembering dozens of user logins and passwords. To learn more about this product enhancement, check out our announcement on December 12.

Investment Protection
Don’t forget, if you’re an iSeries customer looking to migrate to Windows in 2012, all of our products run on any platform. If your business applications are moving to a new platform, your RJS investment is safe because our software can move with you!

Interested in learning more about our exciting plans for 2012? Register for my 2012 Kick-Off Webcast on Thursday, January 19th!

A quick programming note: This will be our last blog post of 2011, since our marketing boys are taking much-deserved vacations. On behalf of everyone here at RJS, have yourself a Happy Holiday, Merry Christmas and Happy New Year!

In our Friday Fun Links last week, we included a slideshow of “What the World’s Biggest Websites looked like at Launch.” Thanks to a fun site called “The Wayback Machine,” you can see what virtually any website ever crawled looked like at various dates in the past 15 or so years. Today I thought it would be fun to see how RJS Software’s website has evolved over time. Just a fair warning… the clip art, fonts and colors you are about to see might shock you.

Our first website archived is from June 1, 1997. We touted ourselves as “the AS/400 Client/Server Data Experts” and originally lived under the rjssoft.com domain.

In November 1998, we secured the rjssoftware.com domain, but redirected visitors to our rjssoft.com main site.

On April 27, 1999, rjssoft.com relaunched with the extremely popular “left toolbar” navigation and added banner ads and an official purple logo (a color choice most likely chosen based on the near Super Bowl-bound Minnesota Vikings).

In January 2002, we finally transferred our website over to rjssoftware.com and added this sweet header complete with an animated gif!

Two years later in January 2004, we launched our most professional site yet, complete with traditional horizontal navigation, a slick diamond graphic and sales call-outs. We also started to advertise our cross-platform capabilities as we moved into the Windows space.

With our first dedicated marketing manager on board (Joel Sawyer), the site was once again relaunched on February 12, 2005. The goal was to better focus on brand messaging and product solutions, as well as webcasts and events.

In 2006, we first introduced “the RJS Document Management Lifecycle” and launched our blog.

In June of 2007, we contracted web development firm Arcstone, to design and build a site. The design was clean and the messaging was simple, yet effective.

And we end this trip down memory lane with our current website. Completed October 2010 by Minneapolis-based bswing, our current site creates an enhanced user experience with better navigation, solution-based document management lifecycle messaging and a robust footer. You’ll also note a rebranded logo and color scheme.

Another month, another collection of patches and fixes you should install. This month we cover Adobe, Microsoft, VMware, Oracle, Opera and Android.

Adobe
Adobe has released patches for Acrobat and Reader … again. As before, these updates address flaws that allow attackers to take over a system by simply directing the user to a PDF file. Like we’ve seen throughout the past year, if you’re running Adobe Reader X, you’re far better off than if you stayed on 9.  (If you’re on 7 or 8, be aware those systems are no longer being maintained and are even riskier.) See details here and here.

Any file can be a potential source of compromise, but as the PDF format becomes increasingly more complex, it is increasingly used as an attack vector. If you don’t have a patch process built around Adobe products, you are  not only taking a huge risk, but you’re likely already infected. Modern anti-malware systems do a great job of protecting against this sort of threat, but expecting them to protect the negligence of not patching is like expecting to put out a forest fire with a hand-held extinguisher.

In other Adobe news, there is a problem in Flash that we don’t know much about yet … except that Adobe hasn’t patched it yet. What little we do know about this problem is documented here. Needless to say, when you’re building that system to protect yourself from PDFs, best work Flash patching in, too.

Finally, there’s been problems found in Flex and ColdFusion. These have been patched and, thankfully, do not seem to require a recompilation of your applications. If you’re running a ColdFusion system, please read the technote here and pay close attention to whether you’ve installed the APSB11-14 Hotfix. If you do not have admin privileges to your ColdFusion server, you can use this technique to pull out information to give to your admins.

Microsoft
Microsoft sure believes in 2011 going out with a bang.  Thirteen updates came out last week with eight of them critical. We get a nice mix of remote execution and privilege escalation which means “game over” to anyone that runs them together. Problems with TrueType fonts and Excel files are being actively exploited. As usual, the best details are over at the SANS Internet Storm Center. Please patch ASAP.

I also want to take a few minutes and point you to some interesting facets of the Microsoft articles that accompany these problems. Normally, Microsoft hides some information deep in the alerts about workarounds, but they’re usually not very useful. This month, however, is quite different.

- Microsoft has had a history of problems with reading TrueType files. Odds are MS11-087 is not the last patch for this issue. If you want to disable all embedded font functionality, see this workaround. You’re basically blocking access to the embedded font system by setting ownership and access control lists. Note that it will break the ability to generate PDF files from Word.

- The problem with Pinyin IME only affects Chinese versions of Office … and those that installed the optional input method. If you’re the type of person that loads all options just to have a “complete” install, be aware this places you at risk. The more pieces you have in a system, the more options an attacker has to take advantage of you.

- The workarounds for Publisher all read: “Do not open Publisher files that you receive from untrusted sources or that you receive unexpectedly from trusted sources.” This is common verbiage in Microsoft articles. By now, I think we all know users are going to click on stuff. So, better advice might be “If you don’t need Publisher, don’t install it.” This also applies for Word, Excel, Powerpoint, Access, Project, OneNote, PictureManager, etc. Megapackages like Office come with lots of parts and if you don’t need them, don’t install them.

- The problem with Windows Media Player allows an attacker to take complete control by sending you a .dvr-ms file. Do you need to play .dvr-ms files?  I know I never have to. You can block this entire format by following the instructions here.

- MS11-094 involves loading DLL libraries over a WebDAV share. Microsoft has been having trouble with WebDAV since 2004. If you don’t use this feature (and unless you’re running Sharepoint, you probably don’t), you may just want to turn it off. Details on doing this are in this workaround. The easiest option is just to disable the WebClient service.

- Hidden in the same MS11-094 vulnerability is an instruction on how to use the Microsoft Office File Block policy. If you work in a high-risk organization and have updated to modern versions of Office, you can drastically reduce your risk by blocking old office types. Details here.

- Similarly, you can block file types that fail validation. As detailed in this workaround from MS11-096, the most common types of files used to spread malware to Office simply won’t be openable. Ask yourself whether you really need macros in old Office formats. I know I don’t.

Oracle
Even if you’re not running their database, you are likely still affected by Oracle updates. Since they purchased SUN, Oracle is now in charge of creating Java patches. Java is behind only Adobe PDF and Flash for the most exploited software. You should be patching Java just like Adobe and if you’re not (as I mentioned above), you’re likely already infected. The Oracle release notes are here. A list of bugs fixed are here.

VMware
There is a relatively minor update to VMware Update Manager 4.x. I am only mentioning it here because many people are still not in the habit of patching VMware. Remember, infrastructure (VMware, Cisco gear, hardware appliances, etc) are really just servers and need to be maintained the same way.

Details on the VMware issues are here.

Opera
For those who use the Opera web browser, note it it has been updated to version 11.60. This update includes a fix for problems involving the BEAST attack. Details are covered here.

Android
If you are running an Android phone, be aware that malware has jumped 472% since July. Sadly, there is little we can do about this other than taking basic precautions. I recommend you at least run the free version of Lookout. If you’ve rooted your phone, try to limit where you install apps from and run DroidWall to keep your apps from being too chatty. I’ll work up a guide to a more secure Android device sometime in 2012, but the above advice should tide you over for the time being.

If you’re supporting devices professionally, there are some non-free options that help out a lot. Feel free to contact us for more details.

RJS has several year-end deals that aren’t available to the general public. In fact, they’re so confidential, we can’t share them on our blog. If you want to learn more, contact your sales rep directly, call us at 1-888-757-7638 or email us at sales@rjssoftware.com. For security reasons, please do not share this offer with anybody else.

Act now! Offers good now through Dec. 31.

It’s Friday and you know what that means … another installment of RJS Friday Fun Links!

We’re currently building out a new website for our RJS Security consulting and product line. While doing some research the other day, I came across a great slideshow of “What the World’s Biggest Websites Looked Like at Launch.” Amazon’s initial look from 1995 is perhaps most shocking, but my personal favorite is the New York Times from 1996.

What do Minnesotan’s daydream about when the snow falls and the cold weather strikes? Basically running around outside without 25 pounds of fleece, fur and polyester. Right now, I’m daydreaming about Golf Digest’s list of “America’s 75 Toughest Golf Courses.” As the article warns, “These are the courses that haunt golfers’ nightmares. Approach them with caution and play them at your peril.” I think I’d trade a snapped-in-half driver right now for 80 degrees and palm trees!

The American Film Institute released their 10 best movies and TV shows of 2011. Bridesmaids, The Help, Moneyball and the upcoming The Girl with the Dragon Tattoo highlight the movie list, while favorites Breaking Bad, Game of Thrones, Modern Family and Parks & Recreation make the television list. Any big snubs?

If the relatives are in town and you’re looking for a fancy feast, check out OpenTable’s “Diners’ Choice Top 100 Restaurants.” The list of winners includes eateries in 34 states and Washington D.C. Looks like I have a road trip to plan!

Nothing in life is free … ESPECIALLY on the internet.

Unfortunately, many of us fall prey to this false belief and trust the faceless person on the other end of a “too good to be true” offer. The latest example I’ve witnessed is the “two free Southwest Airlines tickets” scam on Facebook.

I can’t tell you how many times I’ve seen this spam flash on my Facebook status feed (the above image was snipped from my feed this morning). I’d like to think I hang out with a fairly bright crowd, so I’m a bit surprised many of my friends have been this gullible. But if you think about it, the hackers are using a pretty appealing recipe for success.

1. Identify something everybody wants – airline tickets
2. Take a brand people trust – Southwest Airlines
3. Exploit today’s difficult economy by offering the bait for free

We all know most Americans are struggling to get by, so the thought of two free airlines tickets is mighty intriguing. Who wouldn’t want the ability to visit family around the holidays without paying a dime?

Unfortunately, it is completely untrue. As much as most travelers like Southwest Airlines as a company, they are still a business and no business could afford to offer free flights to thousands of individuals.

So what does one receive instead? Well, you are taken to a false replica of the Southwest Airlines website which quickly transfers you to a sign-up screen. You then award these hackers with an abundance of personal information and the ability to post their propaganda on your Facebook wall in return for the “free” tickets. The only real thing you receive is an email inbox full of additional spam messages and phishing schemes.

Please be smart and remember … if you see an offer that appears to good to be true, 99% it is.

* Have you fallen for this scam? It’s okay … here’s how you can fix it.

Same Great Support in an Easier-To-Use Package

While RJS may be best known for its software and excellent customer service, we’re also pretty good at support, too. And that great support is only going to get better with the launch of our new Support Center in January.

If you’ve never used our old support Wiki, a bit of explanation is in order. For several years, our support Wiki has served as the primary repository for all product documentation, including manuals, install and licensing information, troubleshooting articles and revision histories.

Customers have used it to enhance their product knowledge, get answers to vexing support issues, and to upgrade or install software. The site served its purpose but was messy and difficult for customers to use. It was equally difficult for us to manage and maintain. Additionally, we couldn’t extend the site to include future features like a partner portal or integrate with our support ticket software and CRM application.



The new Support Center

The first thing you’ll notice about our new support site is how great it looks. It was built to compliment our main RJS website and provide a consistent user experience across both sites.

Gone from the old support Wiki is the confusing navigation and content layout, and the poor search functionality that made using the site a lot more difficult than it should have been.

Thanks to a lot of analysis and customer feedback, we were able to simplify the site’s content and navigation and, most importantly, make it easy for you – the customer and primary user – to find the information you need.

Key Features

A support site is pretty useless if you can’t quickly find answers to your questions. That’s why we’ve bolstered our search functionality to ensure all content, including web pages, PDFs and other document types, is searched and results are logically displayed in ways that help you find what you need.

We’ve also completely revised our product pages to include tabs for install and license information, documentation, troubleshooting articles and more. Certain key products will have tutorial videos, and all products will include links to related pages so you can see the big picture of how everything works together. The new Support Center homepage will also have a prominent rotating carousel that we’ll use to notify you of important updates, product features and other issues. You’ll also be able to submit support ticket requests directly from our Support Center, so that any concern you may have is addressed as quickly as possible.

Ultimately, we hope the new Support Center helps distinguish us from our competition by giving our customers a world-class site where they can get the tools and training they need to be successful with our software. Keep your eyes peeled for an official launch announcement in the near future.

There are many exciting projects going on at RJS, so when I started this post I thought I might talk about the new security website we’re building or how we’re expanding our security offerings in 2012. But then I realized it’s December and December blog reading should be fun… so you get a post about improving your security with strategy lessons taken from Angry Birds!

In the world of Angry Birds, we have a small group of birds that are serially preyed upon by a kleptocratic monarchy of green pigs. In this world, the pigs steal the birds’ eggs and hide them in poorly-constructed shelters while the birds fling themselves at the pigs in efforts of destruction. Despite this vicious onslaught perpetrated by the birds, the pigs continue in their egg thievery, thereby allowing for a continuing series of episodes.

Clearly, there is room for improvement in terms of both offense and defense.

The Pigs

Let’s start by analyzing the Pig Empire. Their goal is to obtain eggs. It is implied they are for eating, raising the uncomfortable question as to where the pigs get their bacon. However, they are inefficient. If they were to take a lesson or two from real-life attackers, they would change their operations in the following ways:

1) Preparation

The root of their’ constant downfall is they expend insufficient effort on shelter construction. Even a cursory inspection of history would indicate a high likelihood of retaliatory avian attack, so it would be wise to prepare. The average shelter is shabbily built and falls to a mere handful of birds. If the pigs focused on quality over quantity, they could invest in sturdier materials and protect far more pigs. Building defenses prior to egg theft would result in a much more successful attack as well.

2) Planning

Another problem facing the pigs is the birds attack using a massive slingshot. I presume this provides additional impact force, but it does introduce a point of weakness. Modern attackers often focus on crippling their target’s ability to retaliate. In other words, if the pigs simply stole the slingshots when they stole the eggs, the birds would be seriously hampered in their efforts to counter-attack.

3) Sacrificial Hierarchy

It appears as though the pigs exist within a hierarchy consisting of a large king pig, a handful of mature leader pigs, some adult pigs and a large number of little pigs (that presumably cry “wee wee wee” all the way home). Malware teams have similar hierarchies, with the people funding development at the top, developers and project leaders below them, marketers below that and finally, those responsible for smuggling the money from your bank account overseas. If the pigs were to learn from this, they would hide their king and leaders in the best shelters possible, well out of reach of the birds, and draw their fire with an array of poorly defended little pigs. This structure allows for organizational continuity favoring the pigs and causes the birds to burn their resources inefficiently.

Common flaw of pig-based construction

A more secure design

The Birds

The birds seem to be structured as a loose confederation. Much in the way business owners band together to discuss and develop shared defenses, birds of more than one feather collaborate to combat the pigs’ designs. Just as there is room for improvement on the part of the pigs, there are areas where the birds could learn from the advice we give our clients as well.

1) Reduce Scope

First of all, the birds face the fundamental problem of constantly losing their eggs. The easiest way to protect against fundamental issues is to narrow the scope. If you’re protecting credit cards or health records, this means identifying the data and centralizing it for better protection. Now, in the case of eggs, there is clearly some risk from putting all one’s eggs in the same basket, but there is no rule that scope has to be limited that far. It could be limited to two or even three baskets. The key is to limit the scope as far as you can and then to boost the defenses around that area.

2) Improved Retaliation

Surprisingly, while the world of Angry Birds has a great many birds, none of them seem to be able to fly. This, as noted earlier, places them at significant risk from the loss of their slingshot. It also means their attacks must all originate from a single point. In the business world, we have several areas from which we can detect and respond to attacks. We detect attacks with technology, forward issues to security teams and law enforcement and, where needed, involve a judicial system. Similarly, an avian attack should be mounted from numerous locations. It should not require a specific bird attack from the East. Any flight-capabable bird should be able to respond to attack.

3) Agility

Agile security involves being aware of your environment, your capabilities and your attackers’ capabilities. You can then make defense plans and execute quickly in the case of attack. There are times when the appropriate response is to tighten security, others when one should involve law enforcement and still others where it makes sense to allow the attack and learn as much from it as you can.

In the case of the birds, while they seem to be masters of resource utilization (expending minimum force to achieve their goals), there is still room for improvement. Their technique works because they face an enemy that fails to adapt. If this ever changes though, it would be impossible to regain the eggs and the birds’ continued existence would be at risk. Simply reviewing the Pig Empire defenses and dynamically selecting the number, species and order of attack would allow a significant increase in agility.

Improved Attack Method Adapted To Environment

Conclusion

Perfect security is impossible so there are inevitable flaws on both the part of the birds and the pigs. While today’s birds are able to achieve their goals, if the enemy boosts their capabilities, the birds’ limited structure puts them at serious risk. The problem is that eggs keep getting stolen. If the birds improve their defensive strategy to such a point that egg theft drops significantly, the pigs might find it substantially easier to obtain sustenance from another source… Falldown 3D, perhaps.

Launching attacks is easier than defending against them. An attacker must only succeed once, but a good defender has to be vigilant all the time. A small improvement on the part of the pigs’ attack would place the birds themselves at risk of extinction. So it is essential that the birds improve their defenses and capabilities. With luck, they’ll manage to do this before things reach a point of criticality.

Single Sign-On for WebDocs – iSeries Edition to be released January 2012

Burnsville, MN – RJS Software Systems (www.rjssoftware.com), a premier provider of document management software and services, announced the debut of RJS Single Sign-On. With RJS Single Sign-On, users are able to enter their user name and password one time and then access multiple RJS applications and/or servers without signing in again. Single Sign-On combines user authentication in Windows domains with a means of mapping user authorization in those applications and/or servers.

For RJS users, Single Sign-On will increase productivity and provide much tighter security. Without the need to write down or remember multiple user IDs and passwords, phishing success by hackers and password fatigue are greatly reduced. Administrators will benefit by having fewer help desk calls for password resets and will not need to safeguard lists of multiple user IDs and passwords. Administrators will also be able to implement Single Sign-on as needed.

“We pride ourselves on creating a second-to-none user experience,” said Richard Schoen, President and Chief Technology Officer. “RJS Single Sign-On will save our customers time and money, while enhancing their security presence.”

WebDocs – iSeries Edition is the first RJS product to be enabled for Single Sign-on and will be released to our customers this January. Throughout 2012, RJS will be rolling out Single Sign-On enhancements for WebDocs – Windows Edition, WebForms, Enterprise Workflow and related client tools, like Scan Workstation, Image Viewer and Batch Import Utility.

About RJS Software Systems
RJS provides software solutions that help manage the entire lifecycle of a company’s businesses information. From front-end data capture and forms creation to managing, storing and distributing information electronically, RJS provides solutions that help businesses improve productivity, save money and make better decisions. For more information about RJS Software, visit www.rjssoftware.com.

Tis the season to be jolly! How’s the holiday shopping going? This week’s installment of RJS Friday Fun Links has a few gift ideas for you.

If you’re looking for stocking stuffers, Esquire has a great list of “Gifts Under $25 That Don’t Suck.” After perusing the list, I can verify they do indeed… not suck. Some of my favorites are the $8 coffee mug warmer, $21 mini-wood pallet coasters and the $7 fridge monkey.

If books are more your thing, this was a great year for fiction and non-fiction. National Public Radio has their lists of top mysteries, cook books, children’s books, fiction, etc. and the New York Times recently published their list of the 10 Best Books of 2011. Two books that show up on both of these lists that I’ve heard good things about are The Tiger’s Wife and The Art of Fielding.

If you’re a fan of travel and adventure, why not visit the incredibly unique Snow Village in Quebec, Canada? A replica of Montreal made of ice and snow, the Snow Village includes an Ice Hotel, igloos, a restaurant and bar, a convention center and a chapel for couples looking for a one-of-a-kind wedding.

Finally, document your holiday memories with the “iPhone App of the Year.” Instagram, an easy to use photo-sharing application, allows you to take pictures, apply neat Polaroid-like filters and easily share your creations on all the prominent social networks.