Adobe’s Leaky Source | TechSNAP 131

Matéria do site Jupiter Broadcasting:

Adobe blows it. A treasure trove of customer information and source code has been found, we’ll share the details.
The DNS hijacking hijinks continue, after several big sites are brought offline. Then its a huge batch of your questions, our answers, and much much more!
Thanks to:

Direct Download:

RSS Feeds:

Adobe hacked, 3 million customer records leaked

  • Adobe’s servers was compromised sometime between July 31 and Aug. 15, but the attack was not discovered until Sept. 17
  • The source code for “numerous” products was stolen, including Adobe Acrobat, Publisher, ColdFusion, and ColdFusion Builder
  • The source code leak could allow the attackers to much more easily generate a slew of 0-day attacks against Adobe products, resulting in exploits against which there is no defense
  • Sensitive information on people with Adobe accounts was also taken, including names, encrypted credit numbers, expiration dates, order history and more
  • “At this time, we do not believe the attackers removed decrypted credit or debit card numbers from our systems” said Adobe chief security officer Brad Arkin
  • “Krebs also saw a list of 1.2 million potential .org domains running ColdFusion that the attackers could use as targets stored among the stolen data”
  • “Holden and Krebs discovered a 40 GB file of stolen data, Krebs reported yesterday, on the same server hosting data stolen from brokers LexisNexis, Dun & Bradstreet and Kroll.”
  • Additional companies were also compromised
  • Additional Coverage – Threatpost
  • Additional Coverage – ZDNet
  • Adobe Blog – Illegal Access to Adobe Source Code
  • Adobe – Important Customer Security Announcement
  • Adobe – Customer Security Alert

WhatsApp, AVG, Avira, Alexa websites hacked in apparent DNS hijack

  • Network Solutions is investigating an attack by a pro-Palestinian hacking group that redirected websites belonging to several companies.
  • A group calling itself the KDMS Team claimed responsibility on Twitter.
  • KDMS posted several screenshots on Twitter, including one that affected WhatsApp’s domain. + The message asserted that the region known as Palestine has been stolen, and that prisoners should be released from Israeli jails.
  • The websites affected included those of the security companies AVG and Avira; the messaging platform WhatsApp; a pornography site, RedTube; and Web metrics company Alexa.
  • Stated on the company’s blog:
    > “It appears that our account used to manage the DNS records registered at Network Solutions has received a fake password-reset request which was honored by the provider.”
    > “Using the new credentials, the cybercriminals have been able to change the entries to point to their DNS servers.”
  • Additional Coverage:


Round Up:

Adobe’s Leaky Source | TechSNAP 131 Adobe’s Leaky Source | TechSNAP 131 Reviewed by Marcos Garcia on outubro 11, 2013 Rating: 5

Nenhum comentário:

Tecnologia do Blogger.