The Adobe Source Code Breach


It seems that a bunch of people ran off with the Adobe source code in a breach. It is a disaster for the company, not just because of the IP theft but because it has sweeping security implications for all users of Adobe software, which is pretty much everyone on the internet given the ubiquity of Flash and Acrobat.

From the article:

Security experts said this is serious business. “This is a source code breach not just a data breach,” said Dan Hubbard, CTO of web security vendor OpenDNS. “Having source code is a huge advantage because they can more easily hunt for and find weaknesses in the code. Before they’d have to run lots of black-box testing to do that.”

Another security specialist, who could not speak on the record because he works with many of these vendors, agreed. “The issue here is that these guys will be able to find vulnerabilities and develop custom malware and use it privately before it ever goes public,” he said.

The issues are far worse than attackers just reading the code and using it to develop better malware; attackers can already do that for most of the software running the web (OSS), though pushing closed source to many eyes is always going to be bad. Much more insidious is that they can plant code wherever they damn please. It sounds like they had access to at least the source (source control, or worse, push access?) and customer databases. If they had shell access to any of the machines, then the list of things they could do is immense; it just depends on how long they had access and how bold they were. Anyway, one mother of a cleanup is underway.

Adobe has a FAQ up to explain things. Unfortunately, when clicking on things like “What is Adobe doing in response” you’ll get an error like:

Uncaught TypeError: Object function (selector,context){return new jQuery.fn.init(selector,context,rootjQuery);} has no method 'cookie' customer-alert.html:2175
Uncaught TypeError: Object [object Object] has no method 'adobe_sso_sso' adobe-store-compressed.js:246
Failed to load resource: the server responded with a status of 400 (Bad Request) http://stats.adobe.com/b/ss/mxmacromedia/1/H.25/s32758134766481?AQB=1&ndh=1…BJava%20Deployment%20Toolkit%207.0.250.17%3BSilverlight%20Plug-In%3B&AQE=1

So, I’m not sure what Adobe is up to right now. Panic stations, no doubt.