FORUMS: list search recent posts

Adobe Password Hashes Decrypted

COW Forums : Adobe Creative Cloud Debate

<< PREVIOUS   •   VIEW ALL   •   PRINT   •   NEXT >>
Gary Huff
Adobe Password Hashes Decrypted
on Nov 11, 2013 at 8:19:31 pm

From Ars Technica:

How Adobe’s messy password breach can spill to sites like Diapers.com


As Ars explained last week, Adobe's storage of the 130 million passcodes was almost a textbook example how not to manage highly sensitive login credentials.

First time I have heard that they weren't doing their due diligence. Someone needs to be fired over this then, the person tasked with implementing the security plan for Adobe's network, and any upper management who interfered with anything pertaining to how security was implemented (whether by blocking funding or resources to the department, or insisting they have their say on a topic that they are ignorant on).

As for me, my Adobe.com credentials have been for Adobe and no one else (and I have changed my password). So I'm not worried about those password hashes.


Return to posts index

Steve Connor
Re: Adobe Password Hashes Decrypted
on Nov 11, 2013 at 8:46:35 pm

Now can I be angry at Adobe Gary?

Steve Connor

There's nothing we can't argue about on the FCPX COW Forum


Return to posts index

Gary Huff
Re: Adobe Password Hashes Decrypted
on Nov 11, 2013 at 9:50:00 pm

[Steve Connor] " Now can I be angry at Adobe Gary?"

There's a difference between being angry and going "LOUD NOISES!!! THE SKY IS FALLING! SOMETHING BAD IS ABOUT TO HAPPEN BUT I DON'T KNOW WHAT!!"

No matter if you're right or not, I will always question the latter if you don't have anything concrete to bring.


Return to posts index


David Lawrence
Re: Adobe Password Hashes Decrypted
on Nov 11, 2013 at 9:54:43 pm

[Gary Huff] "No matter if you're right or not, I will always question the latter if you don't have anything concrete to bring."

Gary, with all due respect, there's no question Adobe f**ked up royally here. Angry customer feedback is the only way to get a corporation's attention and get them to do better.

_______________________
David Lawrence
art~media~design~research
propaganda.com
publicmattersgroup.com
facebook.com/dlawrence
twitter.com/dhl
vimeo.com/dlawrence/albums


Return to posts index

Gary Huff
Re: Adobe Password Hashes Decrypted
on Nov 11, 2013 at 10:14:47 pm

[David Lawrence] "Angry customer feedback is the only way to get a corporation's attention and get them to do better."

Unless they figure they can just ride it out until people forget.

That happens enough to be a safe bet.


Return to posts index

David Lawrence
Re: Adobe Password Hashes Decrypted
on Nov 12, 2013 at 12:57:25 am

[Gary Huff] "Unless they figure they can just ride it out until people forget.

That happens enough to be a safe bet."


That's exactly right.

And that's exactly why it's absolutely essential that Adobe customers continue expressing their anger and frustration as loudly as possible in as many places as possible.

What you dismiss as:

[Gary Huff] ""LOUD NOISES!!! THE SKY IS FALLING! SOMETHING BAD IS ABOUT TO HAPPEN BUT I DON'T KNOW WHAT!!""

is actually the customer feedback that in the long run forces Adobe to change.

Silence = acceptance. I say stay angry, stay loud, and stay civil. And hopefully in a year or two, Adobe management gets a clue and we'll all be happy Adobe customers again.

_______________________
David Lawrence
art~media~design~research
propaganda.com
publicmattersgroup.com
facebook.com/dlawrence
twitter.com/dhl
vimeo.com/dlawrence/albums


Return to posts index


Gary Huff
Re: Adobe Password Hashes Decrypted
on Nov 12, 2013 at 1:10:02 am

[David Lawrence] "Silence = acceptance. I say stay angry, stay loud, and stay civil. And hopefully in a year or two, Adobe management gets a clue and we'll all be happy Adobe customers again."

I'm not worried about silence. I guess you missed my point?

Most people where bitching about something that they didn't seem to know enough about to form a coherent opinion.

For me, it all hinged on, "Did Adobe do all due diligence to protect itself from these attacks?"

No one could really give me an answer.

But Ars Technica's articles on the subject are enlightening to the fact that, no, Adobe did not do its due diligence in protecting itself from this kind of hack.

Therefore, people may now commence with their bitching.

The difference is, I provided sources that have expert opinion on the matter...not speculation or just anger based on nothing that I can show as evidence.


Return to posts index

David Lawrence
Re: Adobe Password Hashes Decrypted
on Nov 12, 2013 at 1:28:01 am

[Gary Huff] "The difference is, I provided sources that have expert opinion on the matter...not speculation or just anger based on nothing that I can show as evidence."

Fair enough. I guess for me, the fact that Adobe lost their source code was all the evidence I needed. But I get your point. At least now we can all agree that Adobe blew it. ;)

_______________________
David Lawrence
art~media~design~research
propaganda.com
publicmattersgroup.com
facebook.com/dlawrence
twitter.com/dhl
vimeo.com/dlawrence/albums


Return to posts index

David Lawrence
Re: Adobe Password Hashes Decrypted
on Nov 11, 2013 at 9:51:02 pm

"Given the number of real-world passwords at stake and the ease of decrypting them, the Adobe breach is shaping up as one of the seminal events in the unfolding history of cracking."

Sounds like a pretty big deal to me.

_______________________
David Lawrence
art~media~design~research
propaganda.com
publicmattersgroup.com
facebook.com/dlawrence
twitter.com/dhl
vimeo.com/dlawrence/albums


Return to posts index


Aindreas Gallagher
Re: Adobe Password Hashes Decrypted
on Nov 12, 2013 at 1:03:33 am

it goes to their core competence delivering this kind of rental situation. They figure they can weather it, and they are broadly battened down - they aren't engaging substantively on this or any other forum as far as I can see.

No one from adobe has been near here or the dispute threads at adobe in ages - they're locked into building the subscriber base. the credit card numbers could get sold visibly to criminal maniacs and you would be pulling teeth to get a word out of them - they barely care.

the entire adobe system right down to the PR guys whose names you would barely remember - hey kevin, dennis etc whoever you were - are completely focused in on generating the rental base now. No more friendly chats, no more visible adobe. Thats all gone.

millions of un-hashed passwords were dumped into the wild, presumably through their total incompetence, it possibly cost people in terms of identity theft, and Adobe marched on in near complete PR silence.

How exactly is that not crappy group dynamic behaviour? Within a company? given that nearly silent response to that scale of failure?

Does this not feel like a slightly dodgy company lately? and nevermind the mooney saviour language their reps come out with about the adoption rates they say they see internally?

does all this realistically feel on the up and up?
Is everybody comfortably familiar with this new model Adobe hitting your bank account every thirty days?

seriously?

http://vimeo.com/user1590967/videos http://www.ogallchoir.net promo producer/editor.grading/motion graphics


Return to posts index

Gary Huff
Re: Adobe Password Hashes Decrypted
on Nov 12, 2013 at 3:15:27 am

[Aindreas Gallagher] "Is everybody comfortably familiar with this new model Adobe hitting your bank account every thirty days?"

I am. I signed up after this all happened, for the new updates, all of which are running nicely.

AMEX is good about catching activity that doesn't match my typical purchasing habits, I routinely check my statement, my password is a random mixture of numbers, letters, and symbols that is not used anywhere else on the Internet, and I don't open PDFs from people I don't know, or from people I know but I am not expecting a PDF from.

Not sure where a vulnerability lies with me.


Return to posts index

Ridley Walker
Re: Adobe Password Hashes Decrypted
on Nov 12, 2013 at 3:42:10 pm

[Gary Huff] "Not sure where a vulnerability lies with me."

Gee Garry, this sound like "I'm alright Jack, too bad about you." – a bit smug and self-serving.

It seems that Adobe hasn't had *our* best interests at heart. We should all be concerned about what this bodes for the future.


Return to posts index

Gary Huff
Re: Adobe Password Hashes Decrypted
on Nov 12, 2013 at 9:36:28 pm

Do you leave the doors to your car unlocked? Drive without a seatbelt? Routinely carry large amounts of cash as you walk through bad neighborhoods?

These are "best practice" things you should be doing regardless of who is hacked or not. If you're not doing it, I have less sympathy for you.


Return to posts index

Ridley Walker
Re: Adobe Password Hashes Decrypted
on Nov 12, 2013 at 10:27:49 pm

[Gary Huff] "These are "best practice" things you should be doing regardless of who is hacked or not. If you're not doing it, I have less sympathy for you."

Not everyone is as savvy as you profess to be.

My mother, among others, despite many cautionary tales and suggestions for 'best practices', does not always follow the safest path online.

If Adobe has not contacted all affected customers how are they to know whether their security has been compromised and they may need to change their passwords? Not everyone is aware of this breach or what it may signify to them.

Not everyone among the millions whose account information was stolen from Adobe is a professional. Adobe has the lion's share of responsibility here, not their customers. It was Adobe after all that didn't follow best practice and stored customer information in a less than secure manner.

I'm happy to hear you are OK and hope you stay so.


Return to posts index

Gary Huff
Re: Adobe Password Hashes Decrypted
on Nov 13, 2013 at 1:38:39 am

[Ridley Walker] "My mother, among others, despite many cautionary tales and suggestions for 'best practices', does not always follow the safest path online."

My mother refuses to backup her massive Outlook .PST file of all the emails she has gotten throughout the years, a PST file that represents the only location where those email exists. I tell her every time I see her that she needs to do that, get a drive, and I will do it for her when I am up there, but she doesn't want to bother.

I'm not going to complain about Microsoft when her hard drive goes down and all those emails are lost. It would be ludicrous for me to do so.

Now, of course, I'm sure you're just waiting to jump in and say, "See?! You don't want us to complain about anything!" But of course, there are things you can complain about that make you look petty and ignorant. Adobe DOES have to let us know, but because I follow the basic best practices of conducting business online, there's not much more I need to do.

Now if you used 123456 as your password for Adobe, Facebook, Gmail, ect. ect., you don't get a pass. You had it coming.


Return to posts index

<< PREVIOUS   •   VIEW ALL   •   PRINT   •   NEXT >>
© 2017 CreativeCOW.net All Rights Reserved
[TOP]