FORUMS: list search recent posts

Adobe hack worsens

COW Forums : Adobe Creative Cloud Debate

<< PREVIOUS   •   VIEW ALL   •   PRINT   •   NEXT >>
Herbert van der wegen
Adobe hack worsens
on Oct 29, 2013 at 7:13:53 pm

Not entirely unexpected news, this.

http://krebsonsecurity.com/2013/10/adobe-breach-impacted-at-least-38-millio...

(Partial?) Photoshop source code has been stolen as well.

/*----------------------------------------------------*/
System: Win7 64bit - i7 920@3.6Ghz, p6t Deluxe v1, 48gb (6x8gb RipjawsX), ATI 7970 3gb, EVGA 590 3GB, Revodrive X2 240gb, e-mu 1820. Screens: 2 x Samsung s27a850ds 2560x1440, HP 1920x1200 in portrait mode


Return to posts index

Gary Huff
Re: Adobe hack worsens
on Oct 29, 2013 at 7:36:27 pm

[Herbert van der wegen] "(Partial?) Photoshop source code has been stolen as well."

Worsens?


Return to posts index

David Lawrence
Re: Adobe hack worsens - 38 Million accounts and Photoshop source code
on Oct 29, 2013 at 8:33:34 pm

[Herbert van der wegen] "Not entirely unexpected news, this.

http://krebsonsecurity.com/2013/10/adobe-breach-impacted-at-least-38-millio.....

(Partial?) Photoshop source code has been stolen as well."


Yikes. This is bad.

_______________________
David Lawrence
art~media~design~research
propaganda.com
publicmattersgroup.com
facebook.com/dlawrence
twitter.com/dhl
vimeo.com/dlawrence/albums


Return to posts index


David Mathis
Re: Adobe hack worsens
on Oct 29, 2013 at 9:21:48 pm

This is not good news. Wondering how many people are going to look for another option and what effect this will have on Adobe going forward.


Return to posts index

Gary Huff
Re: Adobe hack worsens
on Oct 29, 2013 at 10:22:27 pm

[David Mathis] "Wondering how many people are going to look for another option and what effect this will have on Adobe going forward."

I still am waiting for an answer as to why, exactly, this is so bad? What makes you think people will look for another option outside of this for reasons above and beyond their account gets hacked.

They don't seem to engage in the same behavior (en masse at least) when banks announce they have been compromised.


Return to posts index

Dave LaRonde
Re: Adobe hack worsens
on Oct 29, 2013 at 10:44:43 pm

I would guess that there isn't mass hysteria if banks get hacked because 1) banks apparently have far better security than Adobe does and 2) people are certain that the bank will actually do something about it ASAP instead of waiting years as Adobe apparently likes to do.

Dave LaRonde
Promotion Producer
KGAN (CBS) & KFXA (Fox) Cedar Rapids, IA


Return to posts index


Chris Pettit
Re: Adobe hack worsens
on Oct 30, 2013 at 3:42:54 am

[Gary Huff] "They don't seem to engage in the same behavior (en masse at least) when banks announce they have been compromised."

Banks don't have software on my hard drive


Return to posts index

David Lawrence
Re: Adobe hack worsens
on Oct 30, 2013 at 5:11:34 am

[Chris Pettit] "Banks don't have software on my hard drive"

I was gonna say. Now that the hackers have the Photoshop source code, Photoshop is a vector for all kinds of potential mischief. Not saying it will happen, but it's a big reason why this is worse than typical credit card hacks.

_______________________
David Lawrence
art~media~design~research
propaganda.com
publicmattersgroup.com
facebook.com/dlawrence
twitter.com/dhl
vimeo.com/dlawrence/albums


Return to posts index

Andrew Kimery
Re: Adobe hack worsens
on Oct 30, 2013 at 8:42:22 am

[Dave LaRonde] "I would guess that there isn't mass hysteria if banks get hacked because 1) banks apparently have far better security than Adobe does and 2) people are certain that the bank will actually do something about it ASAP instead of waiting years as Adobe apparently likes to do."

Private info has been, and will be, stolen from banks, credit card companies, etc., and sometimes it's months before institutions like these realize they've been hacked.

[Chris Pettit] "Banks don't have software on my hard drive"

All of us already have exploitable software on your HDD. I doubt erasing PS, AE, etc., would reduce our risk factors by any meaningful metric.


[David Lawrence] "I was gonna say. Now that the hackers have the Photoshop source code, Photoshop is a vector for all kinds of potential mischief. Not saying it will happen, but it's a big reason why this is worse than typical credit card hacks."

If people wanted to cause mischief I'm sure they'd use Acrobat Reader, Flash or something else that has a much broader install base than PS.

I wonder if the stolen code contains some 'secret sauce' that PS competitors might be interested in?


Interesting article making the rounds, "I challenged hackers to investigate me and what they found out is chilling"
http://pandodaily.com/2013/10/26/i-challenged-hackers-to-investigate-me-and...




Return to posts index


Gary Huff
Re: Adobe hack worsens
on Oct 30, 2013 at 1:09:17 pm

[David Lawrence] "Now that the hackers have the Photoshop source code, Photoshop is a vector for all kinds of potential mischief."

Okay, what can be done with the Photoshop source code to cause mischief explicitly? What possible attack vector could be used?


Return to posts index

David Lawrence
Re: Adobe hack worsens
on Oct 30, 2013 at 4:25:13 pm

[Gary Huff] "Okay, what can be done with the Photoshop source code to cause mischief explicitly? What possible attack vector could be used?"

Image files. The hackers could embed malicious code in typical image files that are commonly downloaded from the internet. When opened in Photoshop, the code runs its exploit.

Source code opens a world of possibilities the hackers would't otherwise have.

_______________________
David Lawrence
art~media~design~research
propaganda.com
publicmattersgroup.com
facebook.com/dlawrence
twitter.com/dhl
vimeo.com/dlawrence/albums


Return to posts index

Gary Huff
Re: Adobe hack worsens
on Oct 30, 2013 at 4:50:09 pm

[David Lawrence] "The hackers could embed malicious code in typical image files that are commonly downloaded from the internet. When opened in Photoshop, the code runs its exploit."

What makes you think this is possible, outside of having to re-write the core Photoshop executable itself? After all, you can't open a JPEG image in Windows Photo Viewer or Preview and get an infection, and it's not like no one knows how to write out a PSD file in the first place.


Return to posts index


Chris Jacek
Re: Adobe hack worsens
on Oct 30, 2013 at 11:56:57 am

[Chris Pettit] "Banks don't have software on my hard drive"

"Who's being naive, Kay?"

Professor, Producer, Editor
and former Apple Employee


Return to posts index

Chris Pettit
Re: Adobe hack worsens
on Oct 30, 2013 at 1:54:13 pm

Are you saying my bank has software on my machine that I dont know about? I may have missed the point.


Return to posts index

Gary Huff
Re: Adobe hack worsens
on Oct 30, 2013 at 1:55:46 pm

[Chris Pettit] "I may have missed the point."

The point that you are trying to make, that the Adobe hack is worse than your bank being hacked because Adobe has software on your hard drive? Is absolutely ludicrous and a prime example of "grasping at straws."


Return to posts index


Michael Hendrix
Re: Adobe hack worsens
on Oct 30, 2013 at 2:03:18 pm

I think if you are running legit Adobe software, you have no worries. On the other hand, if you download a hacked version from some random site, you might be getting a copy that has software embedded, keystroke tracking or a software that pings servers on command.

They like to track keystrokes for passwords and logins, especially to corporate sites or they like to get millions of computers to ping certain servers at one time, that's how they shut them down.

It sounds to me they were most interested in Acrobat which probably meant they were looking for vulnerabilities in PDF files.



Return to posts index

Gary Huff
Re: Adobe hack worsens
on Oct 30, 2013 at 2:21:38 pm

[Michael Hendrix] "On the other hand, if you download a hacked version from some random site, you might be getting a copy that has software embedded, keystroke tracking or a software that pings servers on command."

You don't need the source code to do that either.


Return to posts index

Chris Pettit
Re: Adobe hack worsens
on Oct 30, 2013 at 2:39:01 pm

[Gary Huff] "The point that you are trying to make, that the Adobe hack is worse than your bank being hacked because Adobe has software on your hard drive? Is absolutely ludicrous and a prime example of "grasping at straws.""

I didn't say any such thing. I was pointing out the difference between the 2 situations.

And for the record Gary, I never tell anyone else that their particular point of view is "ludicrous". Where I come from that's considered rude


Return to posts index

Gary Huff
Re: Adobe hack worsens
on Oct 30, 2013 at 3:57:36 pm

[Chris Pettit] "I was pointing out the difference between the 2 situations."

So you think a company with software on users hard drives will result in a mass exodus where the same situation where an institution has every single piece of data about your financial life gets hacked? If not, what exactly did you mean by that response to me.

Where I come from, making illogical and ludicrous rebuttals to serious topics of discussion is considered rude.


Return to posts index

Chris Pettit
Re: Adobe hack worsens
on Oct 30, 2013 at 4:00:03 pm

[Gary Huff] "So you think a company with software on users hard drives will result in a mass exodus where the same situation where an institution has every single piece of data about your financial life gets hacked? "

Didn't say that either.


Return to posts index

Gary Huff
Re: Adobe hack worsens
on Oct 30, 2013 at 4:05:05 pm

[Chris Pettit] "
Didn't say that either."


So you were just trying to be contrary then? I see you left out the point where I asked you to clarify what you meant by that response. I guess you didn't actually mean anything.


Return to posts index

Chris Pettit
Re: Adobe hack worsens
on Oct 30, 2013 at 4:38:30 pm

[Gary Huff] "So you were just trying to be contrary then? I see you left out the point where I asked you to clarify what you meant by that response. I guess you didn't actually mean anything."

Gary, I can honestly tell you I have no idea why you're so angry and confrontational. Nothing in my original remark should give you any reason whatsoever to feel like you're being attacked personally.

I didn't respond to your taunt because I saw no point in continuing to engage with someone who seems to simply be looking for an argument for arguments sake. But since you've now challenged my sincerity, and I don't want other members of this forum to think I don't stand by my comments:

There are all kinds of risks that we are exposed to, from credit card exposure, bank accounts, identity theft, software conflicts, on and on. There is no eliminating them. But to imply that because other risks exist, or because other risks have more potential to do damage that we should not point out that this Krebsonsecurity post doesn't present yet another new risk is beyond me.

When Adobe demonstrates that they are having trouble protecting the raw DNA of their core applications, it IS cause for concern, even if you don't think so. I'll remind you that private sector and public sector IT organizations world wide are scrambling as we speak to shore up security because of the Cold Fusion breach. Dont take my word for it:

http://quantmweb.com/blog/adobe-source-code-breach-bad-real-bad/


Return to posts index

Gary Huff
Re: Adobe hack worsens
on Oct 30, 2013 at 4:54:28 pm

[Chris Pettit] "Gary, I can honestly tell you I have no idea why you're so angry and confrontational."

Well, you're wrong on that first count. I'm not angry. Confrontational is a matter of opinion, so yes. It's always confrontational when you ask someone to back up what they are saying.

[Chris Pettit] "
I didn't respond to your taunt because I saw no point in continuing to engage with someone who seems to simply be looking for an argument for arguments sake."


I'm sorry, but you were the one who responded to my original point about how there is not a mass exodus from banking institutions when they get hacked. You made a point that made zero sense, thus it seems you were simply being contrary to me because I don't agree with you.

This is not going to be any worse for people who already don't install any ole "Flash update" from an Internet Explorer pop-up. It's going to give them the ability to more easily spoof fake installs of Reader and such, yes, but there are plenty of fake Adobe software installs already that pose just as much of a threat.

Everyone here is overreacting because they haven't thought through the scenarios. They just knee-jerk. Yes it's bad, but it's going to continue from here on here, over a myriad of companies, and if you want to react this way to every single one, they you might as well just bury your head in the sand.


Return to posts index

Oliver Peters
Re: Adobe hack worsens
on Oct 30, 2013 at 5:19:36 pm

FWIW - a couple of years ago JPEGs were hacked so that malicious code could easily be sent in an attached JPEG image via e-mail. Doesn't take Photoshop code to do that. Just another variation of the same issues.

- Oliver

Oliver Peters Post Production Services, LLC
Orlando, FL
http://www.oliverpeters.com


Return to posts index

Gary Huff
Re: Adobe hack worsens
on Oct 30, 2013 at 5:27:02 pm

[Oliver Peters] " FWIW - a couple of years ago JPEGs were hacked so that malicious code could easily be sent in an attached JPEG image via e-mail."

I revised this response because I felt it got too disjointed.

Most of the common "JPEG" attacks are filenames like "photo.jpg.exe" that isn't actually a JPEG. Back in '04, there was a buffer overrun exploit that could allow a JPEG to cause the GDI to execute code from its contents section, usually not malware itself, but enough to download the actual malware and install it.

The reason most of the malware is through files like PDF and Office documents is because their macros all for executable code within the format.

So Photoshop would have to be able to run some executable, and then the executable would have to have root access in order to download and install something without your knowledge (both Win and Mac platforms stop this from happening outside of any backdoors).


Return to posts index

Oliver Peters
Re: Adobe hack worsens
on Oct 30, 2013 at 6:00:41 pm

[Gary Huff] "So Photoshop would have to be able to run some executable, and then the executable would have to have root access in order to download and install something without your knowledge "

Agreed. Although it might be useful to look at this YouTube video to show that it can be more that just spoofing the name for an executable.







- Oliver

Oliver Peters Post Production Services, LLC
Orlando, FL
http://www.oliverpeters.com


Return to posts index

Gary Huff
Re: Adobe hack worsens
on Oct 30, 2013 at 7:45:14 pm

[Oliver Peters] "Although it might be useful to look at this YouTube video to show that it can be more that just spoofing the name for an executable."

I just tried it with an executable and it doesn't work (Windows does not recognize it as an executable and will only use it to display the photo, not run anything). Probably only works with these compressed files because of the way WinRAR and 7Zip use header information to figure out archives. So you can attach an executable to the image, but you would have to make use of third-party software in order to run it in the first place.


Return to posts index

Steve Connor
Re: Adobe hack worsens
on Oct 30, 2013 at 5:33:33 pm

[Gary Huff] "and if you want to react this way to every single one, they you might as well just bury your head in the sand.
"


Or if you let the Companies know that if they want to retain you as a customer they need to implement better security then this crap may not happen so much or at least if it does they will tell you about when it happens as opposed to months later.

What do you think customers should do Gary?

Steve Connor

There's nothing we can't argue about on the FCPX COW Forum


Return to posts index

Gary Huff
Re: Adobe hack worsens
on Oct 30, 2013 at 5:35:08 pm

[Steve Connor] "What do you think customers should do Gary?"

What they should have always been doing. Peruse their monthly statements, check their credit report at regular intervals, and don't install things just because a pop-up tells you to or an email from someone you don't know or weren't expecting anything from.

O[Steve Connor]Or if you let the Companies know that if they want to retain you as a customer they need to implement better security then this crap may not happen so much or at least if it does they will tell you about when it happens as opposed to months later.

What is "better" security? Do you believe there is such a thing as a 100% secure system? How about 95%? 90%? What do you believe is the number that is possible to attain?

Are you willing to hop between banks every time the one you are associated with announces they have been hacked?


Return to posts index

Steve Connor
Re: Adobe hack worsens
on Oct 30, 2013 at 5:46:25 pm

[Gary Huff] "What is "better" security? Do you believe there is such a thing as a 100% secure system? How about 95%? 90%? What do you believe is the number that is possible to attain?
"


I don't know what is better, but do you think that we shouldn't complain about it?

Steve Connor

There's nothing we can't argue about on the FCPX COW Forum


Return to posts index

Gary Huff
Re: Adobe hack worsens
on Oct 30, 2013 at 5:52:21 pm

[Steve Connor] "I don't know what is better, but do you think that we shouldn't complain about it?"

What do you think complaining about it is going to do? You yourself don't know what percent secure it can be...there's not a single company out there that hasn't been hacked in some form or another. Is it possible there IS no answer?

Besides, if you're not going to hop banks anyway, then isn't complaining just a lot of sound and fury, signifying nothing?

Where are all the people who jumped ship when social engineering gave those people access to wipe out that guy's MacBook and take over his Gmail and Twitter accounts? How many of you left Apple after that? Why not?


Return to posts index

Steve Connor
Re: Adobe hack worsens
on Oct 30, 2013 at 6:00:57 pm

[Gary Huff] "What do you think complaining about it is going to do? You yourself don't know what percent secure it can be...there's not a single company out there that hasn't been hacked in some form or another. Is it possible there IS no answer?

Besides, if you're not going to hop banks anyway, then isn't complaining just a lot of sound and fury, signifying nothing?"


Wow, you're a dream customer!

"there's not a single company out there that hasn't been hacked in some form or another" - do you have statistics for this or is it just pure conjecture, something that you are always keen to point out to other people when they do the same thing.

Me I like to tell Companies when I think they've f***ed up, I live in a ideal world where I think it may spur them on to do better, or at least tell us sooner when they haven't!

Steve Connor

There's nothing we can't argue about on the FCPX COW Forum


Return to posts index

Michael Hendrix
Re: Adobe hack worsens
on Oct 30, 2013 at 6:46:59 pm

It's fine to complain, Adobe should expect to hear some complaints. But no one should characterize them as not caring. How much do you think this breach cost them?

Trust me, many people at Adobe care.

I think the discontent on the thread is, "Are people being extra critical of Adobe because of the subscription model?"

I think the answer is yes and that's what I am reading into the argument, are you pounding your fist harder on the table at Adobe than you would your bank?



Return to posts index

Rich Rubasch
Re: Adobe hack worsens
on Oct 30, 2013 at 7:23:10 pm

And it is ONLY because of the subscription that this is an issue with Adobe. If I paid with a credit card and have a box sitting on a shelf I'd feel pretty secure. But if my credit card was signed up in an active file to be withdrawn from each month for perpetuity I'd see the risk as much greater. By the time I upgraded my card would be expired anyway and most likely Adobe would not store the info on an active account with regular withdrawals.

I still get disgruntled when I see that $15 charge on my account for my little Muse subscription....

Rich Rubasch
Tilt Media Inc.
Video Production, Post, Studio Sound Stage
Founder/President/Editor/Designer/Animator
http://www.tiltmedia.com


Return to posts index

Gary Huff
Re: Adobe hack worsens
on Oct 30, 2013 at 7:46:56 pm

[Rich Rubasch] "And it is ONLY because of the subscription that this is an issue with Adobe. If I paid with a credit card and have a box sitting on a shelf I'd feel pretty secure. But if my credit card was signed up in an active file to be withdrawn from each month for perpetuity I'd see the risk as much greater."

You can go down to Best Buy and pay cash for a year's subscription up front, so that's totally a non-issue.

Besides, if you have a credit card, then don't you use it, so SOMEONE has its information somewhere? I fail to see how this is any worse.

Do you insist on not having to check your statement every month?


Return to posts index

Steve Connor
Re: Adobe hack worsens
on Oct 30, 2013 at 7:48:10 pm

[Michael Hendrix] "Trust me, many people at Adobe care.
"


Yes of course

[Michael Hendrix] "I think the discontent on the thread is, "Are people being extra critical of Adobe because of the subscription model?""

Some are

[Michael Hendrix] "I think the answer is yes and that's what I am reading into the argument, are you pounding your fist harder on the table at Adobe than you would your bank?"

Absolutely not, I pound my fist at ANY company that loses my CC records, especially ones that hold off making it public for a while. I know it's a fact of life, but that doesn't mean I don't have a right to complain when it happens.

Steve Connor

There's nothing we can't argue about on the FCPX COW Forum


Return to posts index

Michael Hendrix
Re: Adobe hack worsens
on Oct 30, 2013 at 8:22:25 pm

I said you have every right and should complain. I was just pointing out that this issue is being used as evidence for why you should not join the Cloud. Maybe not by you, but by others.

To me, what happened here doesn't really add much to the Creative Cloud debate.



Return to posts index

David Lawrence
Re: Adobe hack worsens
on Oct 30, 2013 at 7:37:41 pm

[Steve Connor] "Me I like to tell Companies when I think they've f***ed up, I live in a ideal world where I think it may spur them on to do better, or at least tell us sooner when they haven't!"

Agreed. When the seventh largest software company in the world loses their source code, I'd call that a pretty major f**K-up. Not to mention the fact that the customer account breach is more than an order of magnitude larger than first reported. And I'm willing to bet this is still just the tip of the iceberg.

I think we can agree this is bad for Adobe and bad for customers.

_______________________
David Lawrence
art~media~design~research
propaganda.com
publicmattersgroup.com
facebook.com/dlawrence
twitter.com/dhl
vimeo.com/dlawrence/albums


Return to posts index

Gary Huff
Re: Adobe hack worsens
on Oct 30, 2013 at 7:52:48 pm

[David Lawrence] "I think we can agree this is bad for Adobe and bad for customers."

Of course it is. But if this is a now-touted reason for not joining CC over any other reason...well, then to be consist you must pay all of your bills through snail mail by check (which isn't idea, but a lot of times you simply can't swing by the office and pay in case), NOT have a credit card AT ALL, and keep every single one of your machines disconnected from the Internet so that you don't accidentally click on that fake Flash install popup under Internet Explorer.

There are legitimate reasons why someone may not want to go the CC route, but starting to tout this as a big reason why just makes the people who do look like Chicken Littles.


Return to posts index

Gary Huff
Re: Adobe hack worsens
on Oct 30, 2013 at 8:38:03 pm

Wow, lots of typos in that, still getting used to SwiftKey.


Return to posts index

Gary Huff
Re: Adobe hack worsens
on Oct 30, 2013 at 7:50:37 pm

[Steve Connor] ""there's not a single company out there that hasn't been hacked in some form or another" - do you have statistics for this or is it just pure conjecture, something that you are always keen to point out to other people when they do the same thing."

Probably should have hedged my bets more because I'm sure there's some mom and pop store in rural Vermont that you could throw in my face, but still.

[Steve Connor] "Wow, you're a dream customer!"

Yes, because it's always black or white, isn't it? Perhaps because I fail to see how complaining can solve everything if Adobe was up to industry standards in security and they still got hacked.

Now, if they had tried to short-cut security to save some money, you'd probably have more of a valid reason to complain. But, still, I think your slactivism doesn't really mean much for causing any change.


Return to posts index

Steve Connor
Re: Adobe hack worsens
on Oct 30, 2013 at 8:45:26 pm

[Gary Huff] " I think your slactivism doesn't really mean much for causing any change."

Good attitude, my vote doesn't count either!

Steve Connor

There's nothing we can't argue about on the FCPX COW Forum


Return to posts index

David Lawrence
Re: Adobe hack worsens
on Oct 30, 2013 at 9:10:49 pm

[Steve Connor] "Good attitude, my vote doesn't count either!"

That's right, Steve. Don't complain and don't vote. The corporations always know what's best for us in this best of all possible worlds.

_______________________
David Lawrence
art~media~design~research
propaganda.com
publicmattersgroup.com
facebook.com/dlawrence
twitter.com/dhl
vimeo.com/dlawrence/albums


Return to posts index

Gary Huff
Re: Adobe hack worsens
on Oct 30, 2013 at 9:31:14 pm

Burn that strawman! Burn it gooooood!!!


Return to posts index

Steve Connor
Re: Adobe hack worsens
on Oct 30, 2013 at 9:44:03 pm

[Gary Huff] "Burn that strawman! Burn it gooooood!!!"

Only after you've finished with yours.

Steve Connor

There's nothing we can't argue about on the FCPX COW Forum


Return to posts index

Gary Huff
Re: Adobe hack worsens
on Oct 30, 2013 at 9:51:34 pm

Are you referring to something specifically? I would be disappointed if this comment was nothing more than, "I know you are, but what am I?"


Return to posts index

Steve Connor
Re: Adobe hack worsens
on Oct 30, 2013 at 9:41:28 pm

[David Lawrence] "[Steve Connor] "Good attitude, my vote doesn't count either!"

That's right, Steve. Don't complain and don't vote. The corporations always know what's best for us in this best of all possible worlds."


Well he's if they tried their best and they used "industry standard" security, what else could they do?

Steve Connor

There's nothing we can't argue about on the FCPX COW Forum


Return to posts index

Gary Huff
Re: Adobe hack worsens
on Oct 30, 2013 at 9:49:11 pm

Actually if you could answer what you specially think Adobe could be doing differently in response to your complaining on a Internet forum, then perhaps I could be enlightened.

Additionally, perhaps you could provide some examples demonstrating adobe being lax in security that led to this hack, specially in contrast to what is utilized in your personal banking service?


Return to posts index

David Lawrence
Re: Adobe hack worsens
on Oct 30, 2013 at 10:30:32 pm

[Gary Huff] "Actually if you could answer what you specially think Adobe could be doing differently in response to your complaining on a Internet forum, then perhaps I could be enlightened. "

Well they could start by not waiting 6-months to inform customers that their account data has been breached. And they could report the real numbers instead of fudging by a factor of ten.

Then they could address the fact that hackers have stolen their crown jewels and explain what they intend to do to insure the safety of their products. Imagine if Microsoft had to reveal that the source code for Office was stolen. This is a big deal.

BTW, I agree hacking is a fact of life in the connected world. But this episode makes management look deeply incompetent. Further eroding trust when Adobe can least afford it.

_______________________
David Lawrence
art~media~design~research
propaganda.com
publicmattersgroup.com
facebook.com/dlawrence
twitter.com/dhl
vimeo.com/dlawrence/albums


Return to posts index

Gary Huff
Re: Adobe hack worsens
on Oct 30, 2013 at 10:53:02 pm

[David Lawrence] "Well they could start by not waiting 6-months to inform customers that their account data has been breached."

Yes, I agree with this if they knew the full extent of the breach 6-months ago, as opposed to just saying, "We've been hacked and that's all we know." and then have little pieces of information trickle out over those 6-months. If they held onto info like this and only released it when they were required to, then that's a problem.

[David Lawrence] "And they could report the real numbers instead of fudging by a factor of ten."

If it was an absolute known fact (as opposed to a guess) that 38 million records had been obtained instead of the originally reported 3.8 million, than that is also a problem and if they intentionally fudged those numbers on the original reports, that's a REALLY big problem.

[David Lawrence] "Then they could address the fact that hackers have stolen their crown jewels and explain what they intend to do to insure the safety of their products. Imagine if Microsoft had to reveal that the source code for Office was stolen. This is a big deal."

I can already tell you what they intend to do to insure the safety of their products: their code will address vulnerabilities as they are revealed.

There have been malware infested Word documents for DECADES that was generated without the need for having the source code to Word. There are malware infested PDFs as well. I don't think you realize that simply having the source code doesn't just allow this sort of thing to magically happen. PSD is a format that is pretty well known and unless there's already a way to get code run outside of Photoshop on the OS level (a level that won't include root access on the kinds of machines that run the latest versions of PS anyway) is a tall order. So it's not an automatic given. Reader and Flash are far more interesting in this regard, but they've already been used to deliver malware six ways from Sunday anyway.

[David Lawrence] "But this episode makes management look deeply incompetent."

Outside of the timing, what about this episode makes management look incompetent on this front?

Back in the early 2000s, Valve was hacked and the source code to Half-Life 2 was stolen, and yet Gabe Newell is still reigning as CEO and seems to be doing a helluva job.


Return to posts index

Steve Connor
Re: Adobe hack worsens
on Oct 30, 2013 at 11:05:43 pm

[Gary Huff] "[David Lawrence] "But this episode makes management look deeply incompetent."

Outside of the timing, what about this episode makes management look incompetent on this front?"


So waiting six months to tell us and then releasing the wrong figures isn't enough?

Steve Connor

There's nothing we can't argue about on the FCPX COW Forum


Return to posts index

Gary Huff
Re: Adobe hack worsens
on Oct 30, 2013 at 11:14:08 pm

[Steve Connor] "So waiting six months to tell us and then releasing the wrong figures isn't enough?"

That has nothing to do with the origins of the security breach. Incompetence means that they are not good at their jobs. If the 6 months were for reasons other than not being good at their jobs, then they are not incompetent. Dishonest, possibly, but it wouldn't be incompetent.

I get the sense that there are a lot of specific words being thrown around that perhaps the writer of those words doesn't fully grasp their meaning.


Return to posts index

Steve Connor
Re: Adobe hack worsens
on Oct 30, 2013 at 11:19:39 pm

[Gary Huff] "I get the sense that there are a lot of specific words being thrown around that perhaps the writer of those words doesn't fully grasp their meaning.
"


and I get the sense that someone appears to be a one man apologist for Adobe at the moment.

Steve Connor

There's nothing we can't argue about on the FCPX COW Forum


Return to posts index

Gary Huff
Re: Adobe hack worsens
on Oct 30, 2013 at 11:29:32 pm

[Steve Connor] "and I get the sense that someone appears to be a one man apologist for Adobe at the moment."

No, I just don't care for people spouting off nonsense that they actually know nothing about. If you have evidence for your claim, then show it. Otherwise, stop using it to bash a company simply because you don't like the model they have chosen for how you buy their software. It makes you look petty.

If there is an issue, it should speak for itself. But this situation is being so overblown that it's ridiculous.

If you start sounding crazy, it's going to be harder to convince people to hold off for you.


Return to posts index

Steve Connor
Re: Adobe hack worsens
on Oct 30, 2013 at 11:36:55 pm

[Gary Huff] "If you have evidence for your claim, then show it. "

Good grief 37 MILLION accounts stolen!!!! If that's not evidence of their security not being good enough then what is?

[Gary Huff] "Otherwise, stop using it to bash a company simply because you don't like the model they have chosen for how you buy their software. It makes you look petty."

That's not the reason I'm complaining, I'm a CC subscriber from Day 1, I like the CC model, I'm probably going to give them my new CC information to to continue it.

I just don't like having my data stolen and I imagine there are quite a few million other people who may be unhappy about it as well, is that so very hard to understand?

Steve Connor

There's nothing we can't argue about on the FCPX COW Forum


Return to posts index

Gary Huff
Re: Adobe hack worsens
on Oct 30, 2013 at 11:41:10 pm

[Steve Connor] "Good grief 37 MILLION accounts stolen!!!! If that's not evidence of their security not being good enough then what is?"

You have no idea what, if anything, could be done differently, so I don't know where you get off.

Until you have a solution, you are just noise. Until you have evidence that shows willful misconduct (not saying there wasn't, but no one has shown the slightest bit of evidence that they either know what they are even talking about, or that Adobe did anything that is not at least standard for security in their systems) then you are just blowing a lot of hot air to help fill what was previous a pretty slow forum here.


Return to posts index

Steve Connor
Re: Adobe hack worsens
on Oct 30, 2013 at 11:47:14 pm

[Gary Huff] "You have no idea what, if anything, could be done differently, so I don't know where you get off.
"

I get off because they lost MY credit card data that damn well makes me invested in this problem


[Gary Huff] "Until you have evidence that shows willful misconduct ("

Who the f*** said anything about wilful misconduct?


[Gary Huff] "then you are just blowing a lot of hot air."

Pot kettle black!

Steve Connor

There's nothing we can't argue about on the FCPX COW Forum


Return to posts index

Gary Huff
Re: Adobe hack worsens
on Oct 30, 2013 at 11:50:40 pm

[Steve Connor] "I get off because they lost MY credit card data that damn well makes me invested in this problem"

Hey, they lost my card data too...well maybe. I got the letter so I assume they did, don't know how they know exactly for sure, or if they just sent it to everyone just in case.

[Steve Connor] "Pot kettle black!"

Expected.


Return to posts index

David Lawrence
Re: Adobe hack worsens
on Oct 30, 2013 at 11:30:14 pm

[Gary Huff] "There have been malware infested Word documents for DECADES that was generated without the need for having the source code to Word. There are malware infested PDFs as well. I don't think you realize that simply having the source code doesn't just allow this sort of thing to magically happen."

It's not magic, but it's a different level of access. I think you underestimate the potential mischief it enables.

[Gary Huff] "Outside of the timing, what about this episode makes management look incompetent on this front?"

Source code is a software company's lifeblood. If management of the seventh largest software company in the world is too inept to keep their core IP safe, why would anyone trust them with anything? Feel free to disagree, but I say they've been majorly caught with their pants down. Valve is infinitesimal compared to Adobe. I can't think of another software company this big with this many customers getting hit this hard.

_______________________
David Lawrence
art~media~design~research
propaganda.com
publicmattersgroup.com
facebook.com/dlawrence
twitter.com/dhl
vimeo.com/dlawrence/albums


Return to posts index

Gary Huff
Re: Adobe hack worsens
on Oct 30, 2013 at 11:39:18 pm

[David Lawrence] "Feel free to disagree, but I say they've been majorly caught with their pants down."

You do realize that upper management has literally zero to do with the day-to-day routine of where the source code is stored and network security, don't you? The only way they are truly culpable is if they cut financing or in some way hobbled the IT department's ability to do its job. If you have evidence that this was the case, I will wholeheartedly agree with you that it is, ultimately, their fault.

But I don't think they personally have the expertise to deal with any of this, and thus had to rely on the help of those who claimed to.

Symantec had its source code stolen. Look at all the viruses that were injected into people's systems through its own software! Or not.

Facebook too! Oh noes! Good thing he never did anything with it.

I hope none of you use VMWare, because you are malware city now!

Or utilize anything using Cisco products.

Really, given this "sky is falling" knee-jerking in here, you'd think the Internet has had to already gone up in flames from all this code leaking out.


Return to posts index

Ricardo Marty
Re: Adobe hack worsens
on Oct 31, 2013 at 2:25:42 am

When you have in your system maybe hundreds of thousands of dollars in work, how does this compare with hacking of a words doc>

The fact is that adobe still doesn't have a complete knowledge of the scale of the attack so it could very well be that other adobe programs have been compromised maybe even premiere.

This attack seems more than just about the money I think the hackers are against what adobe stands for and what it could mean for the industry at large.

Adobe Systems (NASDAQ:ADBE) has a security mess on its hands following a cyber break-in that the company admitted to earlier this month — unlike 1995 film Hackers, though, this hack was anything but righteous. Previous reports of the attack on company data seem to have downplayed the damage, now estimated to have penetrated more than 38 million customer accounts, according to Reuters.

When the breach was publicized on October 3, Adobe said that data like credit card info were taken from only around 3 million customer accounts. The company added that Adobe IDs and encrypted passwords stored on a different database had also been accessed, but did not give numbers or estimated damages on that information.

According to Heather Edell, a spokeswoman for Adobe who spoke to Reuters, the perpetrators found “many invalid Adobe IDs, inactive Adobe IDs, Adobe IDs with invalid encrypted passwords and test account data.” Source code was also stolen, notably from Photoshop software, Acrobat, ColdFusion, and ColdFusion Builder.

Edell noted that Adobe is currently still contacting the users who will be affected and looking into all system breaches in more detail. “Our investigation is still ongoing. We anticipate the full investigation will take some time to complete,” she said to Reuters, allowing that while Adobe is not aware of any unusual or suspicious activity on accounts following the break-in, that doesn’t mean credit card information and passwords are not being used in follow-up attacks.

According to Ars Technica, the publicity service PR Newswire may have been the victim of the same individuals behind the Adobe hack in a data invasion in March. PR Newswire reported that it would begin efforts to contact customers earlier this month, with recommendations on who should change their passwords.

While PR Newswire also says its investigations are not complete, the company did note that the biggest customer groups affected were in regions of Europe, the Middle East, Africa, and India. Chief Information Security Officer Alex Holden from Hold Security LLC said to Reuters that users of PR Newswire would make fiscally tempting targets for hackers wanting to mess with financial markets.



Ricardo


Return to posts index

Steve Connor
Re: Adobe hack worsens
on Oct 30, 2013 at 10:38:44 pm

[Gary Huff] "Actually if you could answer what you specially think Adobe could be doing differently in response to your complaining on a Internet forum, then perhaps I could be enlightened.

Additionally, perhaps you could provide some examples demonstrating adobe being lax in security that led to this hack, specially in contrast to what is utilized in your personal banking service?"


WTF would I know about it apart from my personal banking service has never lost my CC data, NO OTHER Company I have dealt with, big or small has lost my CC data, therefore I would say that considering the scale of the loss then Adobe's security was more lax than many others.

If you seriously think that Adobe couldn't have done any more to stop this happening, how the hell do you think they will stop it happening again?

Steve Connor

There's nothing we can't argue about on the FCPX COW Forum


Return to posts index

Gary Huff
Re: Adobe hack worsens
on Oct 30, 2013 at 10:54:13 pm

[Steve Connor] "WTF would I know about it apart from my personal banking service has never lost my CC data"

Who do you use to bank with? And I said hacked, not lost your CC data specifically. Not everyone with an Adobe account got their information breached either.

[Steve Connor] "NO OTHER Company I have dealt with, big or small has lost my CC data,"

This is probably just you being ignorant of hacking episodes regarding these companies.


Return to posts index

Steve Connor
Re: Adobe hack worsens
on Oct 30, 2013 at 11:00:54 pm

[Gary Huff] "Who do you use to bank with?
"


One of the major Banks in the UK who have NEVER had a major loss of CC Data

[Gary Huff] "This is probably just you being ignorant of hacking episodes regarding these companies.
"


Good argument, I think you've definitively proved your point, I just haven't spotted the many and not unusual or negligent episodes of lax security with the other Companies I deal with.

Steve Connor

There's nothing we can't argue about on the FCPX COW Forum


Return to posts index

Gary Huff
Re: Adobe hack worsens
on Oct 30, 2013 at 11:12:03 pm

[Steve Connor] "One of the major Banks in the UK who have NEVER had a major loss of CC Data"

Curious you refuse to name it and refer to it as a "major loss"...what qualifies as a "major loss" vs a minor one?

Was it Barclays? Or Standard Chartered maybe? HSBC perhaps?


Return to posts index

David Mathis
Re: Adobe hack worsens
on Oct 30, 2013 at 10:12:49 pm

[Steve Connor] "Well he's if they tried their best and they used "industry standard" security, what else could they do?"

Hire someone who knows what they are doing not some incompetent management team.


Return to posts index

Ricardo Marty
Re: Adobe hack worsens
on Oct 31, 2013 at 2:47:06 am

Could the fact that adobes systems director just sold 1 million of his shares portend to anything?

Valueact Holdings, L.p. who is Director at Adobe Systems Inc. (NASDAQ:ADBE), sold 1,066,894 shares at $53.22 per share for a total value of $56,780,099. The shares recently traded at $53.06, down $0.16, or 0.3% since the insider sale.

Ricardo


Return to posts index

Gary Huff
Re: Adobe hack worsens
on Oct 31, 2013 at 3:14:01 am

[Ricardo Marty] "Valueact Holdings, L.p. who is Director at Adobe Systems Inc."

Putting this in Google brings up an entire page of results that are all the same exact quote. Plus, unless Valuact Holdings, L.P. is a single individually-owned company, this sentence makes no sense.


Return to posts index

Ricardo Marty
Re: Adobe hack worsens
on Oct 31, 2013 at 3:28:52 am

Read it here.

http://finance.yahoo.com/q?s=ADBE


Return to posts index

Gary Huff
Re: Adobe hack worsens
on Oct 31, 2013 at 3:36:32 am

[Ricardo Marty] "Read it here."

That doesn't clarify anything. Just a link to "wallstreetcheatsheet.com" with the same exact quote that is found on numerous websites via Google.


Return to posts index

<< PREVIOUS   •   VIEW ALL   •   PRINT   •   NEXT >>
© 2017 CreativeCOW.net All Rights Reserved
[TOP]