{"id":33684,"date":"2013-10-16T05:16:35","date_gmt":"2013-10-16T10:16:35","guid":{"rendered":"http:\/\/www.ict-pulse.com\/?p=33684"},"modified":"2013-10-16T05:16:35","modified_gmt":"2013-10-16T10:16:35","slug":"adobe-hack-concerned","status":"publish","type":"post","link":"https:\/\/ict-pulse.com\/2013\/10\/adobe-hack-concerned\/","title":{"rendered":"The Adobe hack: Why you should be concerned"},"content":{"rendered":"
The recent hack of Adobe opened millions of customers to more risks than just stolen credit card data. This post highlights some key issues emerging from the incident and precautions that should be taken.<\/em><\/p>\n Adobe Systems<\/a>\u00a0announced a couple of weeks ago, on Thursday 3 October 2013, that it was the victim of a sophisticated attack<\/a>, where information for\u00a02.9 million Adobe customer was accessed, including customer names, encrypted credit card numbers, expiration dates, and other information relating to customer orders. Also, source code for Adobe Acrobat, ColdFusion, ColdFusion Builder and other Adobe products was accessed<\/a> and downloaded by the attackers.<\/p>\n Adobe publicised the breach after Brian Krebs and Alex Holden, independent IT security experts, contacted them about 40GBs of Adobe product source code found on a server used by hackers<\/a>. Adobe told them that they were investigating a possible breach since 17 September and the attack appeared to have happened around mid-August.<\/p>\n The first questions that popped into my mind when I heard about the breach were, “Why did Adobe take so long to publicise the breach? And why did it take so long to discover it in the first place?” I would think that a company the size of Adobe would have the resources capable of discovering and taking faster action on these breaches.<\/p>\n The most serious aspect of the breach though, is the source code in the hands of hackers. While getting their hands on customer information and credit card data was nice, the source code was a nice paydirt considering the number of people who run Adobe products on their computers (me included).<\/p>\n With the source code, cyber-criminals can effectively find zero-day exploits (exploits for vulnerabilities where no patch exists). Usually hackers would either have to wait for a vulnerability to be discovered in the wild, or reverse engineer patches to find the vulnerabilities. Now they could find vulnerabilities on their own and save lots of time.<\/p>\n Cyber-criminals can even compile their own malicious versions of Adobe software and pass it off as the official version. They will still have to bypass the digital signatures of the installation, but I’m sure that many people would ignore the warning.<\/p>\n The possibility also exists that the hackers may have tampered with the source code on the servers. Adobe may then release the tampered version of the software to the public. It’s unlikely, but still a possibility.<\/p>\n Considering the scope of the breach, you should take a couple of precautions:<\/p>\n While I still have questions as to how the breach took place, and why it took so long to discover it and to be notified, the horses have already bolted.<\/p>\n In this increasingly connected world, the Internet has become the new Wild West and you can expect to see many more of these high-profile attacks to come. Cyber-criminals are getting better, and unfortunately, those who are supposed to protect us are having a hard time keeping up.<\/p>\n <\/p>\nIssues to ponder<\/h2>\n
Precautions<\/h2>\n
\n