Adobe source code left on unprotected server
Posted by: Jon Ben-Mayor on 11/18/2013 03:04 PM [ Comments ]
It appears that the troubles for Adobe may have just begun; after Adobe’s security team discovered that sophisticated attack on their network back in October, involving the illegal access of customer information as well as source code for numerous Adobe products, it seems that the source code was left on an unprotected server open to the prying eyes of the internet.
The hacker group responsible for the breach was also involved in compromising LexisNexis, Kroll, NW3C among other sites.
According to Naked Security, Adobe was already looking into the breach when Hold Security's Deep Web Monitoring Program independently discovered source code for the company's flagship products - Reader, Publisher and ColdFusion - on the server of a hacker gang.
Having the source code might save malicious types some time when it comes to disassembling executable files to find out what they do, particularly with the help of fully commented code, original variable names, and maybe even some helpful notes from programmers, Paul wrote, but gnarly exploits can be found without source code, and holes can gape for a long time before anybody notices, even in open source products.
At any rate, hopefully, given the lack of protection they put on the source code, the hackers who stole Adobe's code won't prove to be very adept at exploiting it.
Yahoo! warns to be really careful with what files you open right now, with what links you click and even with what emails you read (if you don't have pictures blocked). Make sure you have and are running the most up-to-date antivirus software that also scans for malware.
Also, change your passwords -- right now. Don't use the same password for different accounts, especially for your financial and email accounts.
According to Naked Security, Adobe was already looking into the breach when Hold Security's Deep Web Monitoring Program independently discovered source code for the company's flagship products - Reader, Publisher and ColdFusion - on the server of a hacker gang.
Having the source code might save malicious types some time when it comes to disassembling executable files to find out what they do, particularly with the help of fully commented code, original variable names, and maybe even some helpful notes from programmers, Paul wrote, but gnarly exploits can be found without source code, and holes can gape for a long time before anybody notices, even in open source products.
At any rate, hopefully, given the lack of protection they put on the source code, the hackers who stole Adobe's code won't prove to be very adept at exploiting it.
Yahoo! warns to be really careful with what files you open right now, with what links you click and even with what emails you read (if you don't have pictures blocked). Make sure you have and are running the most up-to-date antivirus software that also scans for malware.
Also, change your passwords -- right now. Don't use the same password for different accounts, especially for your financial and email accounts.
Comments