It seems every few weeks we have new and even more intrusive breaches in the security of some critical product. The most recent high-profile case unfortunately involves Adobe. Here is an excerpt from a statement by their Chief Security Officer:
Very recently, Adobe’s security team discovered sophisticated attacks on our network, involving the illegal access of customer information as well as source code for numerous Adobe products. We believe these attacks may be related.
Our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems. We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders. At this time, we do not believe the attackers removed decrypted credit or debit card numbers from our systems. We deeply regret that this incident occurred. We’re working diligently internally, as well as with external partners and law enforcement, to address the incident.
So the first step is to change your Adobe password. I am assuming that you do not reuse passwords across other services, but if for some strange reason you have done so, please change them all.
That would have been bad enough, but then there was also this…
Adobe is investigating the illegal access of source code for Adobe Acrobat, ColdFusion, ColdFusion Builder and other Adobe products by an unauthorized third party. Based on our findings to date, we are not aware of any specific increased risk to customers as a result of this incident.
So, Adobe source code is in the wild! If, like me, you have gotten into the habit of ignoring the constant requests to update Adobe-related products (I am looking at you, Adobe Reader), you may now want to be a bit more judicious with that decision-making process. I believe it is only a matter of time before we see a legit zero-day exploit for one or more of their products.