Adobe Hacked: Almost 3 Million Accounts Compromised
sl4shd0rk writes "Adobe Systems Inc. is expected to announce today that hackers broke into its network and stole source code for an as-yet undetermined number of software titles, including its ColdFusion Web application platform, and possibly its Acrobat family of products. The company said hackers also accessed nearly three million customer credit card records, and stole login data for an undetermined number of Adobe user accounts."
See... this is why I torrent cracked versions. (Score:5, Funny)
Re: (Score:2, Informative)
Re:See... this is why I torrent cracked versions. (Score:5, Informative)
In related news, it turns out Adobe will give you some sort of software if you give them a credit card number. What a crazy business model!
Not for long... their new business model is that they will let you have access to their cloud if you give them a credit card number, and keep paying them regularly.
Re:See... this is why I torrent cracked versions. (Score:5, Funny)
As the article says. They'll also give your credit card to anyone else who asks their computer nicely for it too...
Seconded (Score:3, Funny)
This makes me happy to have p1r4t3d versions of CS5 and CS6.
Adobe doesn't know my details and neither do the hackers, easy peasie lemon squeezie.
Re: Seconded (Score:4, Funny)
Yes we do Dave Watson 123 Anywhere Ln. Sunnyvale, CA 95014
Ph# 408.123.4567
Spouse: Miss Michigan
Kids: Dave Jr and Susie
Re: (Score:2)
which always begin with 37.
Re: Seconded (Score:5, Funny)
Re:See... this is why I torrent cracked versions. (Score:4, Insightful)
You choose to not pay for the software that you prefer to use because you don't want to give your credit card number to Adobe? After which episode that Adobe had credit card records stolen from it did you make that decision? How long ago was that? How many times has Adobe been attacked and had customer credit card information stolen? You're sure that's not just a lame justification for not wanting to pay for the software that you prefer to use?
seeing the future versus the writing on the wall (Score:5, Insightful)
Buying a piece of software from a vendor: Adobe doesn't have your details.
Paying on a monthly basis to a software company: Adobe has your details.
Your point about the inability to see the future is intact. However, it doesn't discount being able to predict the potential future based on math and science.
Re: (Score:2)
Still not seeing the part where software piracy is justified.
Re:seeing the future versus the writing on the wal (Score:5, Insightful)
I'll take this one further:
Buying a piece of software from a vendor: Adobe doesn't have your details.
Paying on a monthly basis to a software company: Adobe has your details.
Software vendor not named Microsoft most responsible for exploits and attacks in the last 10 years: Adobe Systems
If they can't even keep something like Acrobat Reader secure, how the hell does anyone trust them with credit card information? The long road that has been "software activation" led us to this place.
Re: (Score:2)
You choose to not pay for the software that you prefer to use because you don't want to give your credit card number to Adobe? After which episode that Adobe had credit card records stolen from it did you make that decision? How long ago was that? How many times has Adobe been attacked and had customer credit card information stolen? You're sure that's not just a lame justification for not wanting to pay for the software that you prefer to use?
Shhh! I can't hear anything for all the whooshing around here!
Metachoice (Score:3)
After which episode that Adobe had credit card records stolen from it did you make that decision?
Adobe may or may not have had one before.
But there are enough other companies that have, that it's easy to make a rational choice based on the probability that it will happen to a company like Adobe, based on what has happened to companies at large that attract large bases of credit card numbers - especially as Adobe has recently been moving to a subscription based service where they have presumably got a lot more credit
Re: (Score:3, Funny)
I'm a programmer, not a cunning linguist. Taking things at face value is my specialty.
And I don't have to "climb up" on some high horse, you clod, I'm here all the time.
Re: (Score:2)
That's insensitive clod to you, mister!
Re: (Score:2)
I'm a programmer, not a cunning linguist. Taking things at face value is my specialty.
The way that you say this reminds me of a photograph I saw in a history textbook back in high school. I have searched and (not remembering its name) cannot locate the image or else I'd provide a link, but I believe it comes from the time of the Industrial Revolution.
It's an old black-and-white photograph. It shows a man using a large wrench or spanner on a machine. The man's back is bent into an arc and his body contorted so that he may use the wrench on something not designed with ergonomics in mind.
Re: (Score:3)
Are you thinking of this [pdx.edu] well known picture?
Re: (Score:2)
Are you thinking of this [pdx.edu] well known picture?
Yes! Thank you. It's a nuisance when you can so clearly see something in your mind's eye and know it should be easy to find, but not be able to find it because of not remembering its name. Good work.
Re:See... this is why I torrent cracked versions. (Score:4, Funny)
I have a fantastic sense of humor. Which is not mutually-exclusive with being socially retarded.
Re: (Score:2)
I have a fantastic sense of humor. Which is not mutually-exclusive with being socially retarded.
Do you mean that literally, or do you merely observe that few social conventions actually make any sense? Some of them even seem deliberately designed to inhibit personal growth.
Because in a way, that's a great big joke all by itself. It's just not nearly so funny as it could be.
Re: (Score:2)
Maybe you should give it some exercise, it seems to have grown a bit dull.
Re:See... this is why I torrent cracked versions. (Score:5, Interesting)
Especially when the break-in was prior to the 17th of September and they didn't notify customers until another customer noticed Adobe source code floating around the internet October the 13th. It would seem if an outside company had not discovered the evidence of the breach Adobe's customers would never have been warned that their login details and credit card details had been stolen. Oh but the credit card details still maybe might be secure because they were encrypted and those that could hack the system (likely ex-insiders and outsourcers) maybe might not have passwords for the encryption even though they had passwords for everything else.
It seems like Adobe needs to be answering some very serious questions in a court of law as to why that information was withheld from customers for so long.
Re:See... this is why I torrent cracked versions. (Score:5, Funny)
Adobe have source code for a Time Machine?
Couldn't have happened... (Score:4, Insightful)
Re: (Score:3, Interesting)
Re:Couldn't have happened... (Score:4, Informative)
Adobe have been pushing software rental for the last couple of years. This involves recurrent payments. Recurrent payments require the vendor to store credit card details, or outsource the payment processing to a third party who stores the details.
Either way, if you're renting software your credit card details are being stored.
Re:Couldn't have happened... (Score:4, Funny)
But we are talking about the people who wrote Flash...
Re: (Score:2)
It also means you are somewhat locked in to using that gateway.
If you are doing a lot of volume you will also probably want to use multiple gateways and process through whoeve
Re: (Score:2)
TBH it seems like I am getting an email every week now of some site or company having their records hacked and telling me to change my passwords.
good thing (Score:4, Insightful)
you can still buy offline standalone applications from adobe.... oh, wait.
Interesting Quote (Score:5, Insightful)
However, as far as the source code is concerned, Adobe assured that there is no "increased risk to customers as a result of this incident."
In other words, the risk is as bad as ever.
Re: (Score:2)
Re:Interesting Quote (Score:5, Interesting)
Worse. The source code included the required NSA backdoor. Now requiring to insert backdoors to manufacturers will lead to the logical consequence
We live in a society that, as Bill Hicks noted, is at about an eighth-grade emotional level collectively (he was being generous). Few people acknowledge the logical consequence, and seem to believe it magically goes away if they really, badly, truly wish hard enough or get upset enough.
I suspect the government understands the situation, however. Malicious attackers and other criminals exploiting mandatory backdoors only provides an excuse for more laws regulating the Internet and expanding executive powers. To protect you from those evil hackers, of course. If nothing else, the NSA gets their little back-door so they can more easily betray their own countrymen in the name of safety; if that goes wrong in the worst possible way, then: bonus! For the evil men who love power and know no loyalty, it's a win-win. Sadly.
Re: (Score:2)
Re: (Score:3)
Secret Code in Color Printers Lets Government Track You
https://www.eff.org/press/archives/2005/10/16 [eff.org]
Makes you wonder what a digital file could hold or have blurring reversible
Re: (Score:2)
You mean besides this [wikipedia.org]?
Re:Interesting Quote (Score:5, Funny)
However, as far as the source code is concerned, Adobe assured that there is no "increased risk to customers as a result of this incident."
In other words, the risk is as bad as ever.
I'm not sure why Adobe is being so pessimistic. This might be the first time in years that anybody who could find their own ass with both hands and a map, much less do code security, has examined the source code involved...
PDF Exploit? (Score:5, Funny)
Re: (Score:2)
Re:PDF Exploit? (Score:5, Funny)
Anyone Surprised? (Score:2)
Is anyone surprised that a company that is already battered by a poor security reputation would be compromised in this way?
That they are doing their own billing isn't surprising considering their size, but not a place I'd put a personal card number.
Re: (Score:2)
Sorry for those whose accounts were compromised. But speaking as a FOSS user, I see this as karma for all those times that Adobe made Linux look bad because Adobe Crash (aka Flash) ran worse under that OS than under MS Windows. Which isn't to say that it actually ran well under Windows, just that it ran worse under Linux and had 2x the system requirements. I even remember some Adobe engineer blaming the poor support for Linux on its fucktitude of audio (Alsa, OSS, Pulse, etc) and video system software when
I, for one... (Score:5, Interesting)
Re: (Score:2)
and create something stable and less buggy from it
Wishful thinking requiring LSD and shrooms at the same time.
Their code base for Photoshop, for example, goes back to the mid-80s. The amount of crunchy crusty cruft probably makes "cleaning it up and making it less buggy" impossible.
And if the rant from the guy who maintained the Linux fork of Flash Player, a few years ago, is any indication, anything related to Flash is spaghetti-coded.
So I'm not gonna hold my breath.
--
BMO
Re: (Score:3)
Re: (Score:2)
I think rewriting it in any language, including TECO and brainfuck might improve things.
Emacs was once a bunch of TECO macros. Which explains a lot about both RMS and emacs itself.
--
BMO
A likely attack vector (Score:2)
I bet they used Flash to get in: since Adobe seems to be pushing Flash updates about every 10 minutes lately, it's evidently got some major security problems.
Re: (Score:2)
I bet they used Flash to get in: since Adobe seems to be pushing Flash updates about every 10 minutes lately, it's evidently got some major security problems.
It's just yet another proof (as though more were needed) that security isn't something you can bolt-on after the fact. It would probably have required of them less effort to have done a rewrite from scratch, designed from the beginning with security in mind, than to have issued so very many patches and updates throughout the years.
Do they never consider that? Or I suppose it doesn't matter until something really embarrassing like this happens?
Re: (Score:3)
Bolt on after the fact?
Flash has had so many patches that, if it were an actual physical thing, it would be composed entirely of welds and rivets.
Re: (Score:2)
Bolt on after the fact?
Flash has had so many patches that, if it were an actual physical thing, it would be composed entirely of welds and rivets.
It would be like Grey Goo, only produced without nanotechnology.
Re: (Score:2)
Source code (Score:3)
According to TFA: no "increased risk to customers as a result of this incident."
Considering that Adobe products are an endless stream of security vulnerabilities and zero days, I would say this is a fair statement. You have the same risk as you had before, when you allow their products onto your machines. As for the credit card data - shame on them. Why was that even on the same network?
No cloud for you! (Score:5, Insightful)
Adobe must be the one company in the world to have a worse track record at security than Microsoft, Oracle or Mozilla. They have ignored industry best practices and been a thorn in the side of the rest of the industry for years while being oblivious to the damage their customers have suffered from their shoddy practices.
This is the same company that wants you to rely on their security as the only way to their products now that they only rent cloud-based versions of Acrobat Suite. Incidents like this are inevitable and people need to learn that there is nothing magical about the 'cloud'. Companies that have cloud dependencies for the use of their products necessarily expose all of their customers when they get cracked.
Do you trust Adobe with your security? Do you really think a company with their track record is going to get their act together?
Re:No cloud for you! (Score:4, Insightful)
Adobe must be the one company in the world to have a worse track record at security than Microsoft, Oracle or Mozilla.
...Sony?
Re:No cloud for you! (Score:5, Interesting)
This is the same company that wants you to rely on their security as the only way to their products now that they only rent cloud-based versions of Acrobat Suite.
This.
I was actually on the verge of buying some of their stuff just a week ago. Decided against it when I found out they don't sell standalone versions anymore.
Adobe != security (Score:5, Interesting)
At my work, they require us to take annual security training ... and this year, I flat out refused to take it from any of my systems ... because I had to install flash & turn on java in my web browser. I had to go to the 'training center' to take it from one of the machines there.
... not a week later, the first of the 2013 Flash vulnerabilities was announced ... then a couple of weeks later, another one ... then the Java one ...
Then I was told that I had to take the 'advanced security' training ... what was the recommendation? to turn off flash & java in your web browser.
ah, the irony.
Re: (Score:2)
Who Got Fired for This? (Score:2)
It is not like this hasn't been reported at least weekly for years for various companies.
What the hell are major companies thinking?
Dayamn! This is big! (Score:5, Insightful)
This is big news. Expect untold exploits for the Adobe technology stack to emerge out of this. If someone or some group is determined to run Adobe into the ground, they are off to a good start.
Re:Dayamn! This is big! (Score:5, Insightful)
Expect untold exploits for the Adobe technology stack to emerge out of this.
This. This is why people should be concerned. Open source programs have their code exposed to everyone, including those with malicious intent, and are therefore "battle hardened" for security. Closed source programs live a sheltered life and having that source suddenly available means those with malicious intent can use Adobe's relatively weak source code to develop new exploits for clients. Lots of them.
Adobe is a household name that users couldn't get rid of if they wanted to. Flash, for example, is on nearly every internet-connected PC. This is a problem for everyone.
Re: (Score:3, Informative)
Open source programs have their code exposed to everyone, including those with malicious intent, and are therefore "battle hardened" for security.
While this would be the expected situation, the evidence demonstrates that it isn't.
http://www.zdnet.com/six-open-source-security-myths-debunked-and-eight-real-challenges-to-consider-7000014225/ [zdnet.com]
http://www.theregister.co.uk/2004/03/05/does_open_source_software_enhance/ [theregister.co.uk]
etc..
You can search this on your own. The general consensus is that the "many eyes" theory is flawed, and outside a few exceptions where a particular product has been security hardened beyond usual standards, most experts agree open source softwar
channeling Captain Kirk.. (Score:2)
............
CLOUUUUUUUUUD!
welp, guess it's time to get my CC changed.
Code analysis (Score:5, Funny)
So, let me recap.
Adobe just lost the source code to one of the most exposed attack surfaces known for vulnerabilities?
That'll be one hell of a peer review.
Re: (Score:3)
Safe? (Score:2)
Thank God I've never actually purchased any Adobe products. Phew, that was a close one.
The Solution is Dilution (Score:2)
yay online only creative suite! (Score:2)
most importantly.... (Score:2)
Adobe's Cloud -- In Action (Score:2)
I am so pissed off about Adobe's business model that I may never buy an Adobe product ever again.
That company can go to hell.
Virtual Credit Card Numbers (Score:5, Informative)
Next slogan (Score:2)
Adobe: You'll shit a brick!
Re: (Score:3)
Doesn't say much for the security of ColdFusion. Maybe it's time for Adobe to stop eating their own dogfood.
Re:3 million? (Score:5, Interesting)
ColdFusion is built on JRun which is the most miserable POS Java servlet container conceived by the mind of man.
Since the source code is out maybe it will get some bug fixes.
Re: (Score:2)
ColdFusion is built on JRun...
Hey, the 90's are calling, they want your comment back.
ColdFusion runs on Tomcat now.
Re: (Score:3)
It's now running on a heavily customized Tomcat that's been twisted long enough until you could no longer simply update it independently.
Re: (Score:2)
Re: (Score:2, Insightful)
Ok, I won't say gimp. How about Corel Draw?
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Where did companies like Apple and Microsoft come from then?
Microsoft began with MS Basic, which, if I remember correctly, was about 8k of assembler.
Even 'Hello World' compiles to more than 8k on most modern operating systems.
Re: (Score:2)
The first two versions they made were named after the size of the code.
4k and 8k BASIC. As a kid in the early 80s, I used a lot of 4k and 8k BASIC listings and "ported" programs over to Apple, TRS-80, and TI BASIC.
Because everybody had different syntax for BASIC.
And they were named Micro-Soft at the time.
/old
//slashies on slashdot? [palin] you betcha [/palin]
///and peek and poke were the gateway drug to assembler.
--
BMO
Re: (Score:2)
Obviously, then, 640kb is way overkill.
PAYG (Score:2)
Was wondering how long it would be until this choice to rent, not sell, software would bite them in their big red A.
Re:First post! (Score:5, Funny)
Re: (Score:2, Funny)
photoshopped reflections expert here, can confirm
Re: (Score:2)
Adobe Hacked: Almost 3 Million Accounts Compromised
Were 3 million accounts "almost" compromised, or does the poster mean "close to" 3 million accounts compromised?
Either way, thanks a lot asshats.
Re: (Score:2)
Re: (Score:3, Insightful)
Re:Nothing to worry about (Score:5, Informative)
Re: (Score:2)
Shocking, truly shocking.
Oh, and yeah, the hack raised an eyebrow.
Re: (Score:2)
Adobe is so big that I doubt anything happens to their PCI status. Except a higher discount rate in the future from their current processor(s). In aggregate, the cost of which is slightly less than the calculated cost of Adobe switching processors.
Re: (Score:2)
That's fucking epic. How will Adobe continue to develop any of those applications without it?
They'll just have to start again. There will be a lot of Adobe developers putting in a lot of time to rewrite all that code.
Re: (Score:2)
Re: (Score:2)
More likely the hacker took over someone's desktop machine that was running exploitable software, and was inside the network. Now they can get to file servers, source repository, etc., as soon as the person who had that desktop signs in to those servers. They probably also took over some other desktops used by people without that access. But they just keep trying and eventually get lucky. I'm sure a lot of people there were using exploitable software.
Re: (Score:2)
Re: (Score:2)
Even with Creative Cloud, you can store your files locally, then stop paying. Knock it off with the FUD already.
Re: (Score:2)
Re:This is just adobe's way of saying... (Score:4, Funny)
stenography efforts flagged
That's why I stick to writing longhand. Take that Adobe!
Re: (Score:2)
Chart how much faster or slower