Adobe source code and customer data stolen in sustained network hack

Adobe said it suffered a sustained compromise of its corporate network, allowing hackers to illegally access source code for several of its widely used software applications as well as password data and other sensitive information belonging to almost three million customers.

Adobe dropped the bombshell revelation shortly after Krebs on Security's Brian Krebs reported that the hack began sometime in mid-August and was carried out by the same criminals who breached LexisNexis and other major US data brokers. In the course of investigating the earlier intrusions, Krebs said he happened upon a 40 gigabyte trove of source code, much of it belonging to Adobe. Adobe confirmed its ColdFusion Web application software and its Acrobat document program were among those that were stolen.

A new generation of exploits

The Acrobat software family, which is intimately linked to the nearly ubiquitous Reader application, has long been a favorite target of malware developers looking for ways to sneak their malicious wares onto people's computers. The specter of hackers having full access to the raw source code of those applications is troubling, because it could make it easier to identify bugs that can be surreptitiously exploited in drive-by website attacks.



Adobe Customer Information and Source Code Compromises

Original release date: October 03, 2013

US-CERT is aware of the public acknowledgement of a compromise of up to 3 million Adobe customers' information, including names and detailed account information. The source code for multiple Adobe products may also have been compromised.

US-CERT advises that Adobe customers be aware of possible fraudulent account activity. US-CERT will provide additional details as they become available.


Bitcoin Talk forum hacked and defaced hours after making cameo in Silk Road takedown

Just hours after it played a supporting role in the takedown of the Silk Road drug empire, the Bitcoin Talk website suffered a hack that exposed users' personal messages, e-mails, and password data.

"To be safe, it is recommended that all Bitcoin Forum users consider any password used on the Bitcoin Forum in 2013 to be insecure," an e-mail sent to registered users stated. "If you used this password on a different site, change it. When the Bitcoin Forum returns, change your password."

User passwords were cryptographically protected using 7,500 rounds of the SHA256crypt hash function, Bitcoin Talk administrator Theymos said in a forum on reddit. That's a significant measure that could add decades or even centuries to the task of cracking passcodes that are at least nine characters and randomly generated. Still, the hack could be damaging to the privacy of users who stored sensitive communications on the site. Bitcoin Talk administrators are in the process of figuring out how the compromise happened and don't plan to restore service until after the security hole is plugged.



1Password 4 for Mac brings upgraded security and Wi-Fi sync

AgileBits today released 1Password 4 on the Mac App Store, a major upgrade to one of the best-known password management applications.

The application has a new design and various features aimed at making it easier to use, such as a menu bar utility. It also brings back Wi-Fi Sync, which lets users sync password data from a Mac to an iOS device without storing their encrypted keychain in Dropbox or iCloud.

AgileBits described security improvements including a new keychain design with 256-bit AES encryption keys and data integrity checks that increase resistance to tampering. The design "forestalls many attacks that haven’t even been dreamt of yet," AgileBits said. 1Password 4 development was helped along by 20,000 beta testers.
