Spyware, Viruses, & Security forum


NEWS - October 04, 2013

by Carol~ Forum moderator / October 4, 2013 1:46 AM PDT
Adobe To Announce Source Code, Customer Data Breach

October 3, 2013

Adobe Systems Inc. is expected to announce today that hackers broke into its network and stole source code for an as-yet undetermined number of software titles, including its ColdFusion Web application platform, and possibly its Acrobat family of products. The company said hackers also accessed nearly three million customer credit card records, and stole login data for an undetermined number of Adobe user accounts.

KrebsOnSecurity first became aware of the source code leak roughly one week ago, when this author — working in conjunction with fellow researcher Alex Holden, CISO of Hold Security LLC — discovered a massive 40 GB source code trove stashed on a server used by the same cyber criminals believed to have hacked into major data aggregators earlier this year, including LexisNexis, Dun & Bradstreet and Kroll. The hacking team's server contained huge repositories of uncompiled and compiled code that appeared to be source code for ColdFusion and Adobe Acrobat.

Continued: http://krebsonsecurity.com/2013/10/adobe-to-announce-source-code-customer-data-breach/

* * * * * * * * *

Adobe Breached, Acrobat and ColdFusion Code Stolen Along with 2.9M Customer Records

October 4, 2013

Attackers accessed customer IDs, encrypted passwords as well as source code for a number of Adobe products, Adobe chief security officer Brad Arkin announced.

Arkin said Adobe is working with law enforcement on the breach in which attackers accessed source code for Adobe Acrobat, ColdFusion, ColdFusion Builder and possibly other Adobe products.

"Based on our findings to date, we are not aware of any specific increased risk to customers as a result of this incident," Arkin said in a statement.

Arkin called the attacks on the Adobe network "sophisticated," and that information on 2.9 million customers was removed from the company's machines, including customer names, encrypted credit and debit card numbers, expiration dates and other information used in customer orders.

Continued : http://threatpost.com/adobe-breached-acrobat-and-coldfusion-code-stolen-along-with-2-9m-customer-records/102522

Reactions from the security community to the Adobe breach
Adobe source code and customer data stolen in sustained network hack
Post a reply
Discussion is locked
You are posting a reply to: NEWS - October 04, 2013
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: NEWS - October 04, 2013
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
US indicts 13 suspected members of Anonymous
by Carol~ Forum moderator / October 4, 2013 3:12 AM PDT
.. hacking collective

The United States brought criminal charges against 13 suspected members of the hacking group Anonymous on Thursday for allegedly attacking government, credit card and lobbying websites in a campaign in support of internet file-sharing.

A grand jury indictment of the 13 people was filed in US district court in Alexandria, Virginia, charging them with conspiracy to intentionally cause damage to protected computers as part of Anonymous' Operation Payback.

The loose-knit international group known as Anonymous has been in frequent battle with US authorities, not only over file-sharing but also other ideological causes such as the willingness of financial institutions to process donations for the anti-secrecy group WikiLeaks.

Continued: http://www.theguardian.com/technology/2013/oct/03/anonymous-hacking-members-indicted

Feds Charge 13 Members Of Anonymous In 'Operation Payback' Attacks
13 Members of Anonymous Indicted on Hacking Charges
US charges 13 Anonymous members for DDoS attacks
Collapse -
Bitcoin Talk forum hacked hours after making cameo in..
by Carol~ Forum moderator / October 4, 2013 4:29 AM PDT
.. Silk Road takedown

"Database of private messages and password data may be in the wild, admins warn."

Just hours after it played a supporting role in the takedown of the Silk Road drug empire, the Bitcointalk.org website suffered a hack that exposed users' personal messages, e-mails, and password data.

"To be safe, it is recommended that all Bitcoin Forum users consider any password used on the Bitcoin Forum in 2013 to be insecure," an e-mail sent to registered users stated. "If you used this password on a different site, change it. When the Bitcoin Forum returns, change your password."

User passwords were cryptographically protected using 7,500 rounds of the SHA256crypt hash function, Bitcoin Talk administrator Theymos said in a forum on reddit. That's a significant measure that could add decades or even centuries to the task of cracking passcodes that are at least nine characters and randomly generated. Still, the hack could be damaging to the privacy of users who stored sensitive communications on the site.

Continued: http://arstechnica.com/security/2013/10/bitcoin-talk-forum-hacked-hours-after-making-cameo-in-silk-road-takedown/

Bitcoin forum hacked in aftermath of Silk Road takedown
Bitcoin Talk forum hacked; Database for Sale by Hacker; Website currently down
Collapse -
Gang Behind Adobe Hack Hit Other Unnamed Companies
by Carol~ Forum moderator / October 4, 2013 4:55 AM PDT

The attackers behind the Adobe hack and breaches against data brokers such as LexisNexis have also been linked to similar intrusions against other unnamed organizations. Security expert Alex Holden, who along with security blogger Brian Krebs uncovered the data lost in the Adobe breach, said those compromised organizations are being notified.

"We don't want to disclose who they are because they may still be unaware of the incident and may be still vulnerable," Holden told Threatpost today.

Adobe went public with some details on its breach late yesterday; the company was compromised sometime between July 31 and Aug. 15, and the attack was not discovered by Adobe until Sept. 17. The company disclosed that in addition to the hackers accessing source code for a number of products including Adobe's ColdFusion Web application server, Acrobat, Publisher and possibly other products, close to three million customer records, including encrypted credit card numbers, were stolen.

"I would characterize the breach as one of the worst in U.S. history," Holden said, "because the source code of an end user product such as Adobe Reader and Adobe Publisher was breached and leaked. This allows additional attack vectors to be discovered and viruses to be written for which there are no defenses.

Continued: http://threatpost.com/gang-behind-adobe-hack-hit-other-yet-unnamed-companies/102527

Collapse -
Lavabit founder refused FBI order to hand over email ..
by Carol~ Forum moderator / October 4, 2013 4:55 AM PDT
.. encryption keys

The email service used by whistleblower Edward Snowden refused FBI requests to "defeat its own system," according to newly unsealed court documents.

The founder of Lavabit, Ladar Levison, repeatedly pushed back against demands by the authorities to hand over the encryption keys to his system, frustrating federal investigators who were trying to track Snowden's communications, the documents show.

Snowden called a press conference on 12 July at Moscow's international airport, using a Lavabit address. The court documents show the FBI was already targeting the secure email service before the invite was sent.

Levison is now subject to a government gag order and has appealed against the search warrants and subpoenas demanding access to his service. He closed Lavabit in August saying he did not want to be "complicit in crimes against the American people".

Continued: http://www.theguardian.com/world/2013/oct/03/lavabit-ladar-levison-fbi-encryption-keys-snowden

Cheeky Lavabit *did* hand over crypto keys to US government after all - printed in a 4-point font
Snowden's email provider gave crypto keys to FBI - on paper printouts
Collapse -
Lessons learned from Microsoft's botched KB 2859537 patch
by Carol~ Forum moderator / October 4, 2013 9:03 AM PDT

"Dust has settled on Microsoft's most destructive Automatic Update in recent history and one fact stands out: Registry cleaners can wallop your system"

Whenever someone starts dissecting problems with Microsoft updates, people always want to point fingers: Microsoft did this wrong, software manufacturers did that wrong, and IT departments and/or users obviously screwed up something in the middle.

Life's rarely that simple, and August's notorious KB 2859537 Windows kernel patch offers plenty of gray areas worth mulling. In a surprising twist, though, it's apparent that damage was done by one or more overzealous Registry cleaning programs.

In today's Windows Secrets Newsletter (subscription required), Microsoft MVP and MS Answers Forum moderator Susan Bradley has pieced together the full story about KB 2859537. I reported on the "avalanche of bug reports" appearing shortly after the patch rolled out the Automatic Update chute on Aug. 13 -- BSODs, systems crashing inexplicably, malfunctioning applications (including IE), systems that wouldn't start -- a veritable tar pit of problems.

The problems were so pervasive and inscrutable that a week later I issued a call to help Microsoft fix the patch. Dozens of you responded, and several of you worked with Microsoft to try to identify the source of the problem.

Turns out, there were several sources of problems.

Continued: http://www.infoworld.com/t/microsoft-windows/lessons-learned-microsofts-botched-kb-2859537-patch-228123

Microsoft's Patch Tuesday Turns 10: A Decade of Botched Updates and Broken PCs
Take Time to Reflect as Microsoft Patch Tuesday Turns 10

Collapse -
I hope all of the folks
by itsdigger / October 4, 2013 9:25 AM PDT

that come to this forum suggesting that people fix their computers by using a registry cleaner will read this thread.

Popular Forums
Computer Help 49,613 discussions
Computer Newbies 10,349 discussions
Laptops 19,436 discussions
Security 30,426 discussions
TVs & Home Theaters 20,308 discussions
Windows 10 360 discussions
Phones 15,802 discussions
Windows 7 7,351 discussions
Networking & Wireless 14,641 discussions

CNET Holiday Gift Guide

Looking for great gifts under $100?

Trendy tech gifts don't require a hefty price tag. Choose from these CNET-recommended useful and high-quality gadgets.