Slashdot Mirror


Adobe Breach Compromised Over 38 Million Users, Photoshop Source Code

rjmarvin writes "Adobe's investigation into the massive data breach they were hit with this past August has revealed that over 38 million active users, not to mention inactive accounts, had their user IDs and passwords pilfered by hackers. An Adobe spokesperson confirmed the number, along with the theft of Adobe Photoshop source code. The initial report earlier this month put the extent of the breach at only 3 million credit card accounts, plus stolen Adobe Acrobat, Reader and ColdFusion source code."

145 comments

  1. We can always hope by nospam007 · · Score: 5, Insightful

    The breach was made possible by a bug in Adobe Acrobat Reader I hope.
    That would be Karma.

    1. Re:We can always hope by gmuslera · · Score: 1

      The next breach will be made possible using the NSA backdoor that the hackers found in Flash Player source code.

    2. Re:We can always hope by dgatwood · · Score: 5, Insightful

      In my experience, it's a safe bet that any company that cuts as many corners as Adobe does in one area probably cuts corners in almost every other area. This leads to the obvious question of whether the crackers will find any serious security holes in Photoshop and exploit them. Given how much they seem to resist fixing even the most trivial bugs in Photoshop, I'd be willing to bet that the entire codebase is an unholy cesspool, which means it is probably rife with security holes, too.

      --

      Check out my sci-fi/humor trilogy at PatriotsBooks.

    3. Re:We can always hope by X0563511 · · Score: 4, Insightful

      I think we can all agree that there's no need for an NSA-specific backdoor in that piece of crap...

      --
      For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
    4. Re:We can always hope by dhaines · · Score: 4, Insightful

      ...they seem to resist fixing even the most trivial bugs in Photoshop...

      Adobe fixes bugs! They save up all the fixes then charge for them in the next release.

    5. Re:We can always hope by Anonymous Coward · · Score: 0

      God help you if you open an untrusted .PSD

    6. Re:We can always hope by BoRegardless · · Score: 1

      "probably cuts corners in almost every other area" uh let's make that 'always cuts corners ...'

    7. Re:We can always hope by Anonymous Coward · · Score: 0

      Yeah, Reader crashes on me every day. It can't keep a PDF open for 24 hours, even when the PC is idling. Good riddance!

    8. Re:We can always hope by Anonymous Coward · · Score: 1

      I don't know, a flaw in Flash or ColdFusion would also be just deserts. The real question isn't even how they got in, but what took them so long.

    9. Re:We can always hope by tbuddy · · Score: 3, Insightful

      Now that we have no more perpetual licensing the issue of having to pay for a next release is a non-issue. They still haven't pushed out a compelling feature for my licenses to merit upgrading, however.

    10. Re:We can always hope by Anonymous Coward · · Score: 0

      Cthulhu lives there.

    11. Re:We can always hope by Press2ToContinue · · Score: 2

      Have you tried Foxit? I've been using it instead of Adobe for years now. Lighter, faster, more stable, less annoying.

      --
      Sent from my ENIAC
    12. Re:We can always hope by drinkypoo · · Score: 2

      Is there a version of Photoshop with both perpetual licensing and content-aware fill? I'm not throwing rocks at resynthesizer, but...

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    13. Re:We can always hope by hcs_$reboot · · Score: 1

      Well, if the source code is as intuitive and well designed as Photoshop, they've nothing to worry about.

      --
      Slashdot, fix the reply notifications... You won't get away with it...
    14. Re:We can always hope by beckett · · Score: 2

      CS6 has content aware fill.

    15. Re:We can always hope by dbIII · · Score: 1

      which means it is probably rife with security holes, too

      Considering that their "encryption" which they had a Russian imprisoned for "cracking" was a cipher written about by Julius Caesar and has been used as code wheel toys printed on the back of cereal boxes I'd say that is a very safe bet.

    16. Re:We can always hope by Anonymous Coward · · Score: 0

      Tried it. Dumped it when it insisted on installing every asian language pack as a separate critical security update.

    17. Re: We can always hope by tom229 · · Score: 1

      Maybe someone can examine the source code now and explain to me once and for all why Photoshop takes 30 minutes to install when gimp takes 30 seconds.

      --
      If it ain't broke, don't fix it.
    18. Re:We can always hope by Press2ToContinue · · Score: 1

      Yeah that is annoying, but I kept it for the performance boost.

      --
      Sent from my ENIAC
    19. Re: We can always hope by dgatwood · · Score: 1

      Or why PS takes minutes just to launch.

      --

      Check out my sci-fi/humor trilogy at PatriotsBooks.

  2. With Photoshop "open sourced" by RunFatBoy.net · · Score: 2

    I can finally write that lens flair javascript library

    -- Jim
    Weekly feedback for your website.

    1. Re:With Photoshop "open sourced" by Anonymous Coward · · Score: 1

      Lens flair?

    2. Re:With Photoshop "open sourced" by ElectricTurtle · · Score: 2

      How many pieces?

      --
      I support the Slashcott and will not be reading or commenting from 2/10/14 to 2/17/14. Beta is steaming pile of dog shit
    3. Re:With Photoshop "open sourced" by Stormwatch · · Score: 4, Funny

      It's a very stylish lens.

    4. Re:With Photoshop "open sourced" by X0563511 · · Score: 4, Funny

      Is that what they implemented in the recent Star Trek movies?

      Lens Flair: Using lens flares to add flair.

      --
      For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
    5. Re:With Photoshop "open sourced" by Gilmoure · · Score: 1

      I you're allergic to Retnox 5...

      --
      I drank what? -- Socrates
    6. Re:With Photoshop "open sourced" by Anonymous Coward · · Score: 1

      As my high school art teacher put it, "lens flare == bad; lens flair == good"

    7. Re:With Photoshop "open sourced" by dgatwood · · Score: 3, Funny

      Oops. I think you just a word there.

      --

      Check out my sci-fi/humor trilogy at PatriotsBooks.

    8. Re:With Photoshop "open sourced" by sconeu · · Score: 1

      It has to have flair... it works at Tchotchkes. It needs at least 15 pieces of flair!!!!

      --
      General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
    9. Re:With Photoshop "open sourced" by Cryacin · · Score: 1

      The source code was written in the late 80's

      --
      Science advances one funeral at a time- Max Planck
    10. Re:With Photoshop "open sourced" by Anonymous Coward · · Score: 1

      He accidentally the whole thing.

    11. Re:With Photoshop "open sourced" by Anonymous Coward · · Score: 0

      He what?

    12. Re:With Photoshop "open sourced" by gravis777 · · Score: 1

      For Photoshop? Why? There is already a lens flair filter included

      http://www.youtube.com/watch?v=eG9fRbZLqEs

  3. Aggro bat breeder attacks! by Anonymous Coward · · Score: 0

    I thought the whole cold fusion thing was a Photoshopped hoax...

  4. Seriously. by Anonymous Coward · · Score: 0, Redundant

    This is becoming a legitimate reason to pirate software rather than buy it.

    1. Re:Seriously. by tbuddy · · Score: 2

      High cost and stagnant development weren't enough?

  5. The untold story by dysmal · · Score: 5, Funny

    The untold story is that the hackers tried to give back the source code but Adobe said NO GIVE BACKS!

    1. Re:The untold story by 0x15e · · Score: 2

      Awww ... I was going to make that joke about the CF source. If only I had mod points.

    2. Re:The untold story by icebike · · Score: 5, Funny

      Given the level of bloat in Photoshop and Acrobat, I'm amazed the hackers had enough disk space and time to download it.

      --
      Sig Battery depleted. Reverting to safe mode.
    3. Re:The untold story by X0563511 · · Score: 4, Funny

      95% of the codebase is the secret bug-generator. They just made sure not to pull down that external repository.

      --
      For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
    4. Re:The untold story by K.+S.+Kyosuke · · Score: 4, Funny

      Given the level of bloat in Photoshop and Acrobat, I'm amazed the hackers had enough disk space and time to download it.

      The source is actually only 370 KB. The rest comes from C++ template instantiation.

      --
      Ezekiel 23:20
    5. Re:The untold story by RocketRabbit · · Score: 2, Funny

      Oh come on, they probably accelerated their download with the Adobe Download Manager.

    6. Re:The untold story by Anonymous Coward · · Score: 0

      Wasn't there a bug in Gnu C++ that causes it to keep compiling C++ templates a few decades ago?

  6. No News Is Good News by Anonymous Coward · · Score: 5, Funny

    Adobe hasn't notified me of anything so my data must be safe. Right?

    Right?

    1. Re:No News Is Good News by icebike · · Score: 4, Funny

      Adobe hasn't notified me of anything so my data must be safe. Right?

      Right?

      I got dozens of different notices. They had links to places where I could change my password. Lots of different places.

      I could forward you a few if you want.

      --
      Sig Battery depleted. Reverting to safe mode.
    2. Re:No News Is Good News by Anonymous Coward · · Score: 0

      You should have received an email like this back in August, but Adobe only sent the message out on 23-Oct-2013 (20 days after they announced it and 2 months after the breach):

      From: email@mail.adobesystems.com
      Date: 23/10/2013 4:58 AM

      Important Password Reset Information

      To view this message in a language other than English, please click here.

      As we announced on October 3, 2013, we recently discovered that an attacker illegally entered our network and may have obtained access to your Adobe ID and encrypted password. We currently have no indication that there has been unauthorized activity on your account.

      To prevent unauthorized access to your account, we have reset your password. Please visit www.adobe.com/go/passwordreset to create a new password. We recommend that you also change your password on any website where you use the same user ID or password. In addition, please be on the lookout for suspicious email or phone scams seeking your personal information.

      We deeply regret any inconvenience this may cause you. We value the trust of our customers and are working aggressively to prevent these types of events from occurring in the future. If you have questions, you can learn more by visiting our Customer Alert page, which you will find here.

      Adobe Customer Care

      Note that they say encrypted password... dumbasses!

  7. Cloudy skies by girlintraining · · Score: 4, Insightful

    So how's that new "Cloud all the apps" thing working out for you guys so far? Ah. I see you leaked pretty much your whole database of people who had signed up for it. Well then, carry on.

    In other news, I hope your new strategy crashes into the dirt so hard the only thing that'll be memorable about Adobe in 5 years will be the case study on it in business classes around the world on how not to do it.

    --
    #fuckbeta #iamslashdot #dicemustdie
    1. Re:Cloudy skies by aiadot · · Score: 3, Insightful

      Whether the cloud strategy is working or not doesn't matter. As long as artists, web designers, graphic designers, wannabes, etc, keep using Photoshop et al for everything they do, even when it is completely unnecessary either because there are cheaper, sufficient or better alternatives depending on the job, Adobe has no need to listen to reason. They'll still be making all the money they want.

    2. Re:Cloudy skies by CaseOfThaMondays · · Score: 1

      I'll admit I did not read the article but have heard and read on other sites. My understanding though is this has nothing to do with "Cloud all the apps". The app is still located on your machine and run from your machine, but what got hacked was the database of the renter/owners, their private data, and some source code for some of their products. Excuse my ignorance, but how does this have to do with cloud based apps?

      --
      thats pretty much my best post ever. I spent like 3 hours typing it.
    3. Re:Cloudy skies by Anonymous Coward · · Score: 0

      What would you recommend as a good alternative to Photoshop? I've tried GIMP but the interface is terrible. Paint.Net is OK but somewhat limited.

    4. Re:Cloudy skies by dbIII · · Score: 0

      The joke's on you with this old worn out troll script - recent photoshop versions adopted the gimp multi-window interface instead of that annoying single window thing.

    5. Re:Cloudy skies by Anonymous Coward · · Score: 0

      The joke's on you with this old worn out troll script - recent photoshop versions adopted the gimp multi-window interface instead of that annoying single window thing.

      ?

      I have CS5.1 and it definitely works in a single window. Haven't tried CS6 yet, but I'd definitely describe CS5.1 as "recent". This page suggests that any change that may have occurred is an option that has to be specifically selected.

  8. Would suck to be them by jones_supa · · Score: 4, Insightful

    I know we're gonna get all the "ha ha, it's an evil megacorp anyway", but damn it must be stressful moments to some of the folks at Adobe. :/ Especially if the source code leaks turn out to be true.

    1. Re:Would suck to be them by Anonymous Coward · · Score: 0

      ...it must be stressful moments to some of the folks at Adobe. :/ Especially if the source code leaks turn out to be true.

      Why would Adobe be afraid of source code leaks? Did the guys who "acquired" the code say they're going to start running valgrind, purify or coverity...

    2. Re:Would suck to be them by Anonymous Coward · · Score: 0

      Well, Clapper told us today that "everyone does it." So it's all good. Hackers spy too. Everyone does it! Adobe would be naïve to think they can keep secrets. What are they, the NSA? Oh wait...

    3. Re:Would suck to be them by sconeu · · Score: 3, Informative

      Allow me to introduce you to a new word... Schadenfreude.

      --
      General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
    4. Re:Would suck to be them by Anonymous Coward · · Score: 1

      You know, it serves them right.

      After that whole Creative Cloud disaster, it's about time they start learning it the hard way. If only someone would come up with a competing line of products... It's kind of sad that this screw-up of a company is the leading provider of creative software...

      Also, I started giving all those cloud services the finger. I'm fed up with my personal information being treated like open source.

    5. Re:Would suck to be them by Anonymous Coward · · Score: 1

      Yeah, how horrible it would be if the source code was leaked everywhere and people were able to see how the software they (or others) run on their computers actually works.

    6. Re:Would suck to be them by InfiniteLoopCounter · · Score: 3, Interesting

      I know we're gonna get all the "ha ha, it's an evil megacorp anyway", but damn it must be stressful moments to some of the folks at Adobe. :/ Especially if the source code leaks turn out to be true.

      Leaking the source will be a big embarrassment for Adobe. I mean given the quality of the applications there will probably be lots of comments on top of functions that say:

      We have no idea what this function does. The guy who wrote it left and it is used for backwards capability. It is also tied into main areas of the program and can't be removed.

    7. Re:Would suck to be them by pwizard2 · · Score: 4, Funny

      The rest of the world can finally see how god-awful their code really is.

      --
      "It is a denial of justice not to stretch out a helping hand to the fallen; that is the common right of humanity."
    8. Re:Would suck to be them by Anonymous Coward · · Score: 0

      Isn't that German for BankerFraud?

  9. Oh no! by Anonymous Coward · · Score: 1, Funny

    Oh no! Stolen!? I hope they get their source code back soon!

    1. Re:Oh no! by king+neckbeard · · Score: 2

      I don't. Their source code would be better off in the hands of just about anybody else, including monkeys with typewriters.

      --
      This is my signature. There are many like it, but this one is mine.
    2. Re:Oh no! by Mordok-DestroyerOfWo · · Score: 3

      I don't. Their source code would be better off in the hands of just about anybody else, including monkeys with typewriters.

      I was under the impression that it was initially created by monkeys with typewriters.

      --
      "Never let your sense of morals prevent you from doing what is right" - Salvor Hardin
    3. Re: Oh no! by Anonymous Coward · · Score: 0

      Please do not insult monkeys!

    4. Re:Oh no! by Cryacin · · Score: 2

      including monkeys with typewriters.

      It's unfair to marginalize the support team like that. They work hard.

      --
      Science advances one funeral at a time- Max Planck
    5. Re: Oh no! by Anonymous Coward · · Score: 1

      or typewriters...

    6. Re:Oh no! by LordWabbit2 · · Score: 1

      No offense, but if their code was so shit why did anyone bother stealing it?
      Why are they the dominant leaders in their particular area of expertise?
      Just because you don't like closed source software does not mean it is shit code.
      I have seen plenty of shit code in open source code myself.

      --
      There are three kinds of falsehood: the first is a 'fib,' the second is a downright lie, and the third is statistics.
    7. Re:Oh no! by Seraphim_72 · · Score: 1

      Oh you are so full of shit.

      There isn't a single line of Shakespeare in there anywhere!

      ;)

      --
      Slashdot, where armchair scientists get shouted down and armchair theologians get modded up.
    8. Re:Oh no! by Anonymous Coward · · Score: 0

      No offense, but if their code was so shit why did anyone bother stealing it?
      Why are they the dominant leaders in their particular area of expertise?

      It's called first mover advantage. They were the first to come up with several important ideas, including the idea of a bitmap editor that allows you to organise an image in several layers. Because of this they have acquired a large number of customers, which allows them to spend large amounts of money in keeping their feature list ahead of the competition, thus completing a self-reinforcing cycle.

      (Capture: "vanguard". WTF... is /. psychic?)

  10. Is it time... by ADRA · · Score: 2

    I keep hearing about this breach and that breach, but what I'd love to see are some seriously ambitious groups of skilled security engineers standing up to help encourage good security practices that are widely recognized and standardized. The networked computing eco-system is so intertwined and desperate that how can any Jack or Jill admin be expected to have a fair set of skills in their toolbox to tackle such a hurdle? To expect any or ALL admins to have enough competence to just know the depth and complexity of a highly enabled enterprise is very unlikely.

    For a possible first step, let's consider blocking broadcasts by default. All computers fall into 255.255.255.254 and rely on tight enforcement of shared communication as a reasonable start.
    A second may be for all communications channels to be flagged with security credentials of the communications user (or machines), or anonymous for completely un'authorized' communications and rely on block by default as a sane start. Allow 'users' to reach out to unsecured locations if you like, but make sure that their connection to secured resources are a lot harder to reach (and fully audited when performed)

    Anyways, this is a huge problem which is at least in part to why this happens over and over again. I could say X, and 100 experts will give me 101 answers to why it's the most stupid solution in the world, so.... enjoy!

    --
    Bye!
    1. Re:Is it time... by X0563511 · · Score: 1

      I'm not really sure what network and OS security has to do with application security?

      --
      For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
    2. Re:Is it time... by dnaumov · · Score: 2

      I keep hearing about this breach and that breach, but what I'd love to see are some seriously ambitious groups of skilled security engineers standing up to help encourage good security practices that are widely recognized and standardized.

      According to the people with actual decision-making power, this would be too expensive. The end.

  11. The Code was Photoshopped,,, by Press2ToContinue · · Score: 1

    so it wasn't real anyway.

    --
    Sent from my ENIAC
  12. Hmm... Source Code... by wjcofkc · · Score: 2

    While I fully realize that it would be both wrong and illegal, with the Photoshop source code in the wild, is it possible some of it could be added to or at least quietly re-engineered into OSS projects? Real CMYK support for Gimp would be like birthday + xmas combined times a million.

    --
    Brought to you by Carl's Junior.
    1. Re:Hmm... Source Code... by Anonymous Coward · · Score: 1

      Then it would have years of intense auditing. See: ReactOS

    2. Re:Hmm... Source Code... by fatphil · · Score: 1

      If GIMP wanted CMYK, then it could have done it a decade ago when it was first asked for. When they were laughed at for not having it. Repeatedly.

      --
      Also FatPhil on SoylentNews, id 863
    3. Re:Hmm... Source Code... by wjcofkc · · Score: 1

      Yea, I know. But I can still dream!

      --
      Brought to you by Carl's Junior.
    4. Re:Hmm... Source Code... by XanC · · Score: 3, Informative

      According to their FAQ:
      http://www.gimp.org/docs/userfaq.html#cmyk

      "It is clear from the product vision that GIMP eventually needs to support CMYK, but it is impossible to say when someone finds the free time and motivation to add it."

      So they're not anti-CMYK, it just hasn't been done yet.

    5. Re:Hmm... Source Code... by jones_supa · · Score: 1

      "It is clear from the product vision that GIMP eventually needs to support CMYK, but it is impossible to say when someone finds the free time and motivation to add it."

      Sounds like another open source project with inappropriate funding. Sometimes it's nice to use commercial software just because of that: when the company can throw good cash at developers, they are motivated to work hard on new features.

    6. Re:Hmm... Source Code... by larry+bagina · · Score: 1

      That's a good idea. Hopefully, it will turn out like *BSD/ATT/Linux - while Adobe spends 10 years suing GIMP over the source code, a better image program will be developed by an asshole Finn with terrible body odor.

      --
      Do you even lift?

      These aren't the 'roids you're looking for.

    7. Re:Hmm... Source Code... by mark-t · · Score: 4, Interesting

      CMYK and more should be there for 2.10, once GEGL and babl are fully incorporated.

    8. Re:Hmm... Source Code... by 0123456 · · Score: 5, Insightful

      Sounds like another open source project with inappropriate funding.

      They have much more important things to do. Like crippling the 'Save As' window so it can now only 'Save As' GIMP format, and you have to 'Export' to save a JPEG.

    9. Re:Hmm... Source Code... by excelsior_gr · · Score: 1

      Correct, like 16-bit support, native RAW support, single-window GUI (that they fixed in the last version, after many years of discussion), and a name that makes sense.

      It's not that the GIMP people will ever go and say "see, we told you that CMYK support is useless, who's laughing now?". Granted, almost nobody cares about CMYK support in GIMP, but the software still has a looong way to go and why shouldn't they want to have CMYK support?. I work with it almost daily as a hobbyist photographer and there are a lot of things that need to be added/fixed.

    10. Re:Hmm... Source Code... by Anonymous Coward · · Score: 1

      The GIMP was finished after they put in the lens flare and beveled edge effects.

    11. Re:Hmm... Source Code... by fatphil · · Score: 2

      Being an amateur photographer, I wanted to design my own business cards for one of my businesses. Being exclusively linux/FOSS, I tried GIMP. On screen, I was quite proud of what I'd designed. Until I saw it on card.

      Alas, my bold ambers came out a kind of bilberry blue in the test run of the cards. It's my belief that until I've got end-to-end RAW/CMYK, all I will be able to do is tweak curves and pay for another test run (less than 5e for 36 cards, and the kinds of people I'm giving these to don't care about the visuals, so it's an annoyance rather than a disaster). No idea how many iterations will be necessary.

      --
      Also FatPhil on SoylentNews, id 863
    12. Re:Hmm... Source Code... by brantondaveperson · · Score: 1

      Did they ever fix the problem with layers not being unbounded? In photoshop, the size of a layer is effectively infinite, in the sense that it doesn't get clipped to the image extents. In GIMP, the layers are of a fixed size, and anything pasted into them is clipped to the image size.

      Also, if I move a layer so that it's partially off the image, I now can't draw into parts of that layer.

      Maddening.

    13. Re:Hmm... Source Code... by Anonymous Coward · · Score: 1

      Nah, this is a great change. Export remembers your last used settings too.

    14. Re:Hmm... Source Code... by rasmusbr · · Score: 2

      Yes, but now that the Photoshop source is leaked they could just copy-paste the CMYK code into their project and hit compile.

    15. Re:Hmm... Source Code... by sI4shd0rk · · Score: 0

      While I fully realize that it would be both wrong

      Illegal perhaps, but there's nothing wrong about it.

      --
      Ignorance is a choice
    16. Re:Hmm... Source Code... by tbuddy · · Score: 2

      Any decent output device will have to mean an EFI or APPE device, because pretty much everything else is balls at converting, including the bulk of rips which are old JAWS. Short of it is if you don't have a $3000+ RIP upgrade you are going to get garbage if you don't normalize first.

    17. Re:Hmm... Source Code... by Agent+ME · · Score: 1

      Layers have their own size, potentially distinct from the image size. You can make the layer larger than the image boundaries.

    18. Re:Hmm... Source Code... by Anonymous Coward · · Score: 0

      when the company can throw good cash at developers, they are motivated to work hard on new features.

      That's exactly why commercial software is so crap: they throw cash at product managers and developers to implement new features instead of fixing the broken functionality they already have to improve the "user experience". The result: layer of shit upon layer of shit.

      Businesses only see $profit in new features, not in customer service nor in customer satisfaction. I used to think Net Promoter Scores were crap, but if they were mandatory and public I expect there would be sea changes in the way business is done.

    19. Re:Hmm... Source Code... by Anonymous Coward · · Score: 0

      You fool! You've slashdotted them!

    20. Re:Hmm... Source Code... by brantondaveperson · · Score: 1

      I know that, it's just an unnecessary imposition of an implementation detail on my workflow. Why should I have to bother? Photoshop's layers have never behaved like this, and neither have the layers in any image editing application I've ever used (Corel Paint, Paint.NET etc).

      It's just another example of Gimp's problems, that it seems unlikely will ever be fixed. And I find it hard to imagine a scenario in which Gimp's fixed size layers would ever be anything other than annoying.

    21. Re:Hmm... Source Code... by Anonymous Coward · · Score: 0

      For a beginner even copy/cut and paste of portion of an image was really hard in GIMP. Why can't one do these on the same layer as in any other paint program?

    22. Re:Hmm... Source Code... by readacc · · Score: 1

      It's not like Photoshop doesn't have its own stupid idiosyncrasies. After using the GIMP for a while I went back to Photoshop for some extra work and realized that you can't just middle-click and pan the image around in PS like you can in GIMP. Sure, in PS you can hold down the spacebar and left-click-drag, but you can do that in the GIMP as well, it's just the GIMP has the middle-click-drag feature which is common in a lot of tools and for some reason isn't present in PS. I find that oddly amusing.

    23. Re:Hmm... Source Code... by Anonymous Coward · · Score: 0

      No. I'm going to stop using the POS now.

    24. Re:Hmm... Source Code... by Anonymous Coward · · Score: 0

      Having used it for a while, I tend to agree with you. But couldn't they at least cut "export" down to two variants instead of three (Export, Export to, Overwrite)? Or at least explain wtf the point is? As far as I can tell, no more than two of them is possible at any time, and you can't even set the same keyboard shortcut for the two that never appear together, and seem to be used for the same thing, but at different times (I think it's "export" and "overwrite" - both being "write this to the (non-XCF) file with the same name").

    25. Re:Hmm... Source Code... by Anonymous Coward · · Score: 0

      Sounds like another open source project with inappropriate funding.

      They have much more important things to do. Like crippling the 'Save As' window so it can now only 'Save As' GIMP format, and you have to 'Export' to save a JPEG.

      It's OK: they did this for Photoshop compatibility (Photoshop has been unable to "save as" any format that doesn't support layers since circa CS4, IIRC).

  13. In the "cloud", when it rains it pours by JoeyRox · · Score: 1

    That way when there's a breach your creative suite files can rain on 50 different countries at the same time, all at the speed of light.

  14. Linux port! by Arashi256 · · Score: 2

    Bring it! :D

  15. Why was the sourcecode even on the server? by Nyder · · Score: 4, Insightful

    Anyone else wondering why the sourcecode was even able to be accessed? Seems like a stupid thing to have on a web server, or able to access from a web server.

    That's like leaving a laptop sitting on a seat in car while you are out shopping/whatever.

    --
    Be seeing you...
    1. Re:Why was the sourcecode even on the server? by Anonymous Coward · · Score: 0

      I have the same question. I must be missing some details, but why would a company put source code for a commercial product on a computer/server connected to the internet? umm

    2. Re:Why was the sourcecode even on the server? by rasmusbr · · Score: 1

      Didn't the article say that they stole a ton of usernames and passwords?

      You could try to use those username-password combinations as your dictionary and try to connect to a server that you believe provides access to the source... All it takes is one developer with source access who's sloppy with his passwords.

    3. Re:Why was the sourcecode even on the server? by Anonymous Coward · · Score: 0

      So people from remote locations/offices/homes can access it. Why would it be on the same network as the website, though?

    4. Re:Why was the sourcecode even on the server? by Anonymous Coward · · Score: 5, Funny

      You think that's bad? GIMP puts all of their source and even the bug tracker on publicly accessible web servers.

    5. Re:Why was the sourcecode even on the server? by Anonymous Coward · · Score: 0

      Ever hear of SSH or VPNs? There's no reason for it to be accessible from the public internet.

    6. Re:Why was the sourcecode even on the server? by Gogo0 · · Score: 1

      after penetrating the webserver, you use that as a staging area to launch attacks on other parts of their internal network that are now visible to you.
      oftentimes admins use the same credentials across many different assets, so information gathered from penetrating their webserver can be used to gain access to other systems.
      of course, this is what DMZs, ACLs, and other security measures are meant to mitigate.

    7. Re:Why was the sourcecode even on the server? by gravis777 · · Score: 1

      That would still leave tens of millions of usernames that do not have access. Any half-way decent security software should see failed login attempts from a certain range of IPs and blacklist it - or at least flag that server's admin and Adobe's Information Security team. Source code should also not be kept on a server in the DMZ. So either
      1) Adobe was a complete idiot and had zero security
      2) Adobe's VPN system got compromised and the internal network has little security (possible)
      3) it was an inside job (my guess)
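The comments above describe stolen username/password pairs being replayed against an internal login, and the expectation that failed logins from one IP range get blacklisted or flagged. The following is an added example, not part of the thread and not anything Adobe ran: a small detector for that pattern, where the log format, the threshold, the window and every log line are constructed assumptions.

```python
import ipaddress
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: "<ISO timestamp> <source IP> <username> <OK|FAIL>"
SAMPLE_LOG = """\
2024-01-15T09:00:01 198.51.100.10 amartin FAIL
2024-01-15T09:00:03 198.51.100.10 bchen FAIL
2024-01-15T09:00:04 203.0.113.7 jsmith FAIL
2024-01-15T09:00:05 198.51.100.23 cdiaz FAIL
2024-01-15T09:00:09 198.51.100.23 dkhan FAIL
2024-01-15T09:00:20 203.0.113.7 jsmith FAIL
2024-01-15T09:00:31 203.0.113.7 jsmith OK
2024-01-15T09:00:40 198.51.100.10 eokoye FAIL
2024-01-15T09:01:02 198.51.100.23 fbuild OK
"""

WINDOW = timedelta(minutes=10)   # assumed sliding window
MAX_DISTINCT_USERS = 5           # assumed threshold of distinct failed usernames


def parse(line):
    """Split one log line into (timestamp, ip, username, success)."""
    ts, ip, user, result = line.split()
    return datetime.fromisoformat(ts), ipaddress.ip_address(ip), user, result == "OK"


def network_of(ip):
    """Group sources by range (/24 for IPv4, /64 for IPv6), not by single address."""
    prefix = 24 if ip.version == 4 else 64
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)


def analyse(log_text):
    """Return (blocked, review).

    blocked: {network: time the threshold was crossed}
    review:  [(username, ip)] logins that succeeded from an already-blocked
             range, i.e. accounts whose reused password probably worked.
    """
    failures = defaultdict(deque)   # network -> (timestamp, username) failures
    blocked = {}
    review = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, ok = parse(line)
        net = network_of(ip)
        if ok:
            if net in blocked:
                review.append((user, str(ip)))
            continue
        window = failures[net]
        window.append((ts, user))
        # Drop failures that have aged out of the sliding window.
        while ts - window[0][0] > WINDOW:
            window.popleft()
        # One user mistyping a password yields one distinct name; replaying a
        # stolen list yields many distinct names from the same range.
        distinct = {name for _, name in window}
        if net not in blocked and len(distinct) >= MAX_DISTINCT_USERS:
            blocked[net] = ts
    return blocked, review


if __name__ == "__main__":
    blocked, review = analyse(SAMPLE_LOG)
    for net, when in blocked.items():
        print(f"block {net}: {MAX_DISTINCT_USERS}+ distinct users failed by {when}")
    for user, ip in review:
        print(f"review {user}: login succeeded from blocked range ({ip})")
```

Counting distinct usernames per range rather than raw failures keeps a single user who mistypes a password (jsmith in the sample) out of the block list, and the review list is what the security team would use to force password resets.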

    8. Re:Why was the sourcecode even on the server? by nine-times · · Score: 1

      Have we gotten a full accounting of what kind of breach it was or how it happened? They may have compromised an internal system.

  16. Such is the beauty of the cloud to cybercrooks. by Dega704 · · Score: 2

    Even the best of security practices does little to dissuade them when all of the eggs are in one basket.

    1. Re:Such is the beauty of the cloud to cybercrooks. by BoRegardless · · Score: 1

      Not only that, but Adobe wants to move ALL their customers to the cloud!

  17. Creative Cloud Crap by Anonymous Coward · · Score: 0

    I wonder how the asshole(s) that decided that hosting everything in the cloud feels now?

    I wonder how people feel about Adobe having all of their CC information in the cloud?

    Adobe will pay for the poor decisions its Management Team has made. I feel sorry for the employees that will feel the effects of this.

    AFA The Management Team goes: You Reap What You Sow. Every one of you should be replaced.

    My Photoshop CS2 serves me very well and will continue to do so until Gimp catches up. (I realize I might be dead before that happens, but one can hope that that won't be the case).

    1. Re:Creative Cloud Crap by Ol+Olsoc · · Score: 1

      My Photoshop CS2 serves me very well and will continue to do so until Gimp catches up. (I realize I might be dead before that happens, but one can hope that that won't be the case).

      And I'm on CS3. But you are correct about upgrading. Adobe and their business model of us having to spend thousands every 2 years on the new suites, and now wanting us to just install a pipeline from our wallets to their bank account, was getting creaky a few years back. Which of course is why you are still running CS2, and me CS3.

      Software as a service is fatally flawed, Adobe has found that out. It will be interesting to see their astroturf project re this.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    2. Re:Creative Cloud Crap by pwizard2 · · Score: 1

      My Photoshop CS2 serves me very well and will continue to do so until Gimp catches up.

      Me too, especially since CS2 is effectively free now. Adobe shut down the activation servers earlier this year so they actually gave out activation-free CS2 installers AND their serials. It's the only non-douchebaggy thing Adobe has done in recent memory.

      --
      "It is a denial of justice not to stretch out a helping hand to the fallen; that is the common right of humanity."
    3. Re:Creative Cloud Crap by intermelt · · Score: 1

      Gimp will never catch up (you will be dead). This isn't about humoring yourself. This isn't even about Adobe Creative Cloud. This is about a breach. They don't have that many Creative Cloud subscribers yet. They have approximately 30 full time programmers. If this were a Creative Cloud breach then 38,000,000 * 50 = $1.9 billion a month. Really? That comes to $6.3 million per developer. Take 90% out for expenses and you are still at $633,000 per developer. Not the case.

      That being said. The only information Adobe has on me is my name, email and possibly credit card number. All useless information. I don't have to put any of my files in "the cloud" it is just a convenience if I decide to. Just like... dropbox, gdrive, etc.

      If someone really wanted your personal information they would break into your house during the day while you were at work (you do work?) and just take your hard drive. Probably under 3 minutes. No tail. No explanation. Done. Then come here and complain about your info being in the cloud.

      If you use Adobe products professionally your CS2 won't last long. The people are moving to CC. Adobe is a real product that is unfortunately not open-source, yet it costs less than your internet or phone on a monthly basis. Or even less than a tank of gas. Tell me how that is wrong. You don't make money off your gas. You make money off their professional products.

      BTW... I run several open-source businesses. I believe in it. But certain products can't be open sourced if you want quality.

    4. Re:Creative Cloud Crap by UltraZelda64 · · Score: 1

      Getting creaky, "just" a few years back? It got old over a decade ago for me. And sorry, but demanding $650 for a fucking bitmap editor is just robbery. Which is why I never bothered to buy it, and years ago bought Paint Shop Pro (back when it was still by Jasc), and have long since switched to Paint.net and finally (after switching from Windows to Linux in 2006) the GIMP. I never did get the point behind Photoshop anyway... it's beyond slow, bloated and just a nightmare to find anything that you need. Its menu system is a trainwreck.

    5. Re:Creative Cloud Crap by Anonymous Coward · · Score: 0

      However if you go that route, don't forget to look for the CS2 updates. Some aspects of that version are buggy as hell without them. Yet it's not too bad once the patches are installed.

    6. Re:Creative Cloud Crap by Anonymous Coward · · Score: 0

      You're trolling and ill-informed. I can't speak for versions prior to CS3, but recent versions of Photoshop are much faster than GIMP whether it's starting the program (GIMP takes nearly twice as long) or applying a filter. You clearly have little experience actually using Photoshop and certainly not a recent version. You can tell the UI designer of GIMP is not a graphic artist as they hog most of the screen real estate for cluttered toolboxes and huge sliders. The default Photoshop UI gives you a lot of room to work with and is far more customizable. GIMP also lacks style and adjustment layers and has a terrible automation system that relies on writing scripts. Features that you probably wouldn't know how to use in the first place but save a lot of time for people who work with graphics on a daily basis. Not to mention the JPEG algorithm in Photoshop is the best you'll find. If you're trying to do something special in Photoshop, you'll easily find a tutorial or people who know how to do something. It's a well designed program, which is why it costs what it does. I had my employer purchase a license for me. If that's not an option for you, then Paint Shop Pro is still an outstanding choice for amateurs and aspiring artists.

      I find it odd how you kept downgrading, but Linux pretty much made that necessary. Paint Shop Pro was pretty good. Even Paint Shop Pro X looks and works better than Paint.net and both are much better than GIMP. I think your choices have less to do with speed, reliability, features, or usability and more about zealotry after switching to Linux. GIMP sucks, but it's FOSS and a darling of Linux zealots, so you'll praise it far and wide while denigrating anything else.

    7. Re:Creative Cloud Crap by UltraZelda64 · · Score: 1

      "You're trolling and ill-informed."

      If 'trolling' these days is speaking your own 100% honest opinion, then yes, I guess I must be trolling. I wasn't aware that you are a troll for having an opinion, though. Learn something new every day.

      "You clearly have little experience actually using Photoshop and certainly not a recent version."

      No shit, I'm pretty sure my first couple sentences made it obvious that I was never a fan of the program, its price, etc. I'll take almost *anything* over that overpriced crap.

      It's a well designed program, which is why it costs what it does.

      Sorry, I did not get that impression, and I felt it was a massive rip-off at twice the price of a fucking Windows licence. Does that make me even more of a troll? Seriously though... operating system, $300... bitmap editor... $650?!

      I find it odd how you kept downgrading, but Linux pretty much made that necessary.

      I find it odd how you keep talking as if you're a know-it-all professional and that your opinion is *the* definitive answer, and yet mine is trash. I have to ask you at this point the same question you started off asking me: are you a troll? Your use of "zealots" only makes it seem even more likely... and your entire second paragraph seems to have "troll" stamped all over it.

  18. They can keep ColdFusion by alef.01 · · Score: 0

    If I were the hacker I'd send back the CF code with an apology note.

    1. Re:They can keep ColdFusion by scdeimos · · Score: 1

      I liked ColdFusion while it was still in Macromedia's hands.

    2. Re:They can keep ColdFusion by Anonymous Coward · · Score: 0

      I liked ColdFusion while it was still in Macromedia's hands.

      Macromedia? There has been no *true* ColdFusion since it left Allaire's control.

      Anyway... Coldfusion was always limited and lacked scope for building really useful systems. It had some good ideas, but most of them were taken and substantially improved upon by JSP 2, leaving CF without any real application.

  19. Finally an alternative to PS by Anonymous Coward · · Score: 0

    Bout time! Maybe a price break as well

  20. Organisation-wide failure - /. hubris spot-on? by Bearhouse · · Score: 2

    I know it's popular to rubbish Adobe here, but this report, if true, would seem to justify the Adobe-hate.
    And I say this as someone who has happily used many of their products over the years, (although less so, lately).

    Yes, we all know security is hard, but if you're a leading tech company with internal safeguards so lax that one breach can leak both user IDs and source code well, frankly, you're shit.

    1. Re:Organisation-wide failure - /. hubris spot-on? by DMJC · · Score: 1

      Actually if I was a major tech company, I'd buy a second fibre line that's not connected to our website/internal systems for hosting stuff like the sourcecode. Sure Adobe.com is a target but I bet picturepaintingdev.com would be left alone.

  21. Why didn't Adobe keep Source code offline ? by Anonymous Coward · · Score: 0

    Why didn't Adobe keep all its source code somewhere offline ?
    I mean ..... Photoshop is Adobe's bread and butter, it would be a disaster of the same magnitude as if MS lost source code for its Office.

    1. Re:Why didn't Adobe keep Source code offline ? by Jeng · · Score: 1

      Work at home access?

      There are plenty of reasons I am sure, that being one of them. Was it a good idea? Well no.

      --
      Don't know something? Look it up. Still don't know? Then ask.
    2. Re:Why didn't Adobe keep Source code offline ? by Anonymous Coward · · Score: 0

      Any connection outside of the Intranet, work-at-home or otherwise, should be through a VPN connection providing access to a network that is otherwise only internally accessible. If Adobe stored internal VPN login information in the same place as user data (or allowed the same login credentials for CC and their VPN), they have failed to adhere to some of the most basic network security principles. They deserve to go down in flames - and GIMP deserves to make a quantum leap.

      On the bright side I have a feeling the CF source code is like the videotape from The Ring - whoever got ahold of it has either turned to stone or suffered some terrible, horrible death.

    3. Re:Why didn't Adobe keep Source code offline ? by GuB-42 · · Score: 1

      If development machines can access the internet, then the source code is online.
      It's possible to really work offline but the cost is so high that it is usually only done with classified programs. And it won't prevent a cracker from simply convincing a developer to steal the code using a USB stick.

  22. shocker by slashmydots · · Score: 1

    Wow, and Adobe is so into security. It's practically their specialty. By the way, this isn't a commonly known fact but their user support forums make 4chan look sincere, civil, and helpful by comparison.

  23. Why all the hate? by intermelt · · Score: 2

    I understand this is /. but I don't understand why every "insightful" post is against Adobe. Adobe has marketed to their users. Their market is not an opensource market. Their market is people who want something that works. Their IP is priceless and I believe their "Cloud" platform has been correctly. Up until they offered Creative Cloud I never had a licensed version of an Adobe product. I now have a licensed adobe product on my home and work computers. They are not evil by any means. My subscription can lapse and things still work. Programs are installed locally. They only connect now and then to confirm the license. I now get updates on a regular basis. Their code is considered top notch by professionals. I have rarely had an Adobe application crash on me. It just works. You can't say that about any of the competitors, open-source or not. I've tried using Gimp or Paint Shop Pro. They don't even compete with Photoshop.

    As far as we know this breach has nothing to do with the "security" or "programming ability" at Adobe. It could have easily been an insider. Or maybe just someone who knows what they are doing and has been at it for years. Any system can be easily breached internally and any system can be breached given time.

    Stop making assumptions and look at the facts. The facts about the situation are non-existent. The facts about their programming ability are public knowledge and they have proven themselves. Anyone that thinks otherwise... show me what you have done that has the capabilities of their software. You won't. Their software (Adobe Acrobat) is used everywhere. More than Flash was (Flash was Macromedia, not Adobe). If it sucked it won't be used. Don't give me any analogies about how Windows sucks and it still is used! Windows doesn't suck. Any professional Linux user will agree that it satisfies its market, which happens to be a very large market. I love Linux but all my computers have Windows. Why? because it works as it should. Oh it's not free? You get what you pay for. That goes for Adobe products too. Talk to one of their programmers. Find out what a real development environment is like. Ask them how much time is devoted to their product. Ask them how much time is devoted to testing. Ask them how much time is devoted to refactoring their code. This is not Microsoft. They can't get away with just adding on. They invent and make new. They are worth it.

    A small hiccup like this is nothing. It has happened to companies magnitudes greater and no one blinks an eye. Adobe has been completely transparent about what happened.

    They should be applauded for their efforts to inform people.

    I can't wait until slashdot is compromised. It will happen. My encrypted password will be stolen. Oh no! 100's of sites have my encrypted password. Just like they all have yours. Oh... you use a different password for every site. First.. I call BS! You don't. You want to project a fake reality. Fine. You are then just stupid. You really only need 3 - 4 different passwords.

    1. Banking/PayPal
    2. Email
    3. Other Sites
    4. Optional/ Social Sites (could fall under "other sites")

    This keeps you safe. A max of 4 passwords. If you can't figure out the logic, then just move on.

    So how does all this roll back into Adobe?
    1. If you use only 1 password you are stupid.
    2. If you use 2 - 4 passwords, you don't care.
    3. This isn't Adobe's fault, it just happens.
    4. If it bothers you then why do you have an Adobe account in the first place?
    5. We all use Adobe products and could not live without them. (btw... this is not a monopoly! think before you respond with those ideas)

    I think this is enough to get my point across.

    1. Re:Why all the hate? by garyoa1 · · Score: 1

      Your subscription can lapse and you can still work with it? I don't think you read the fine print. You can no longer buy it nor can you license it. You rent it. You stop paying, you stop playing.

      --
      Wuddooeyeno? IITYWYBMAD? Like nuts? eclecticallyincorrect.com
    2. Re:Why all the hate? by intermelt · · Score: 1

      By "lapse" I meant "failure to have funds to pay on time". And by "still work with it" I meant, you don't instantly lose access to the product. You don't need to be connected to them 24/7 for access to the product. A common misconception because they call it a "Cloud".

      It really isn't a "Cloud" based product. It is just a monthly licensed product. They do offer "Cloud" based storage, but you do not have to use it. It is merely a convenience for those that want it.

      Yes you are "renting" but I believe in their case this is better for everyone. The product is updated more frequently. This is cutting edge software. They need cashflow to keep ahead of the game (Gimp, etc)

      Why do people lease (rent) cars? Because they want the newest most advanced. This is what Adobe is offering. I think it is cheaper in the long run for most. If you are a Professional user that always upgrades, it is cheaper than the past. Some may say otherwise, but they try to compare educational prices or not the full suite. For the occasional user it is cheaper. If I only need Photoshop for a single job, I just pay for one month. I can pick the single app option and it is cheap. I don't have to purchase $1000's worth of software for just one month. Even if I need it for a full year, it is cheaper than purchasing the full version previously offered.

      The only people that are really concerned are those that have pirated it in the past and never want to pay anything. Adobe products (especially Photoshop) are probably one of the most pirated pieces of software next to Windows. If it wasn't worth anything it wouldn't be pirated. They are just trying to pay their programmers a decent wage. Something we all should be proud of.

    3. Re:Why all the hate? by LordWabbit2 · · Score: 1

      You get what you pay for

      Could not agree more.
      Look I understand that there is some awesome open source software out there, it's just not as good as the closed source stuff.
      And that is due to funding, someone spending an hour or two a night on some OSS is not going to be able to compete with someone spending 8 solid hours a day.
      Linux has come a long way, but when you have to drop to console to change your fucking resolution because you're using some whack Chinese ripoff monitor and windows just adapts to it then you know you are getting what you paid for.

      --
      There are three kinds of falsehood: the first is a 'fib,' the second is a downright lie, and the third is statistics.
    4. Re:Why all the hate? by Anonymous Coward · · Score: 0

      so you are happy to be locked in to monthly payments to adobe ... for _life_? or lose access to your own IP?

    5. Re:Why all the hate? by Anonymous Coward · · Score: 0

      Up until they offered Creative Cloud I never had a licensed version of an Adobe product. I now have a licensed adobe product on my home and work computers. They are not evil by any means.

      Speaking as a user who bought pre-CC versions of Adobe software, I have to dissent. They built up a near-monopoly on the basis of having first mover advantage, thus allowing them to capture such a high proportion of several professional graphic design niches that nobody could start effective commercial competition to them, and are now moving to a business model where instead of paying for infrequent updates (I've bought 3 Photoshop versions and 2 versions of After Effects over the last 16 years of professional design work, which is to say substantially less than 25% of the released versions) I now have to pay for everything if I want to update at all (CC costs about the same as updating the standalone apps every 3 years, but I've only been updating every 5-6 years, so it'll cost me nearly double what I've been paying). This is clearly a case of them taking advantage of the fact that they've been able to drive out all effective competition and are now gouging the market, a practice which is inherently evil IMHO.

      (captcha: doubloon)

    6. Re:Why all the hate? by Anonymous Coward · · Score: 0

      Yes you are "renting" but I believe in their case this is better for everyone. The product is updated more frequently. This is cutting edge software. They need cashflow to keep ahead of the game (Gimp, etc)

      I don't need cutting edge. I need to be able to read files that I'm sent by collaborators, so just need to follow the trend or not lag too seriously behind it. Past experience tells me I don't need to update more than about once every 5-6 years. That isn't an option now. Why should I care whether they need the cash or not? They have no right to it. If GIMP were able to catch up to photoshop (including ability to import every possible photoshop file, which it currently lacks), I'd be very happy, but it doesn't seem to be happening.

      Why do people lease (rent) cars? Because they want the newest most advanced. This is what Adobe is offering. I think it is cheaper in the long run for most. If you are a Professional user that always upgrades, it is cheaper than the past.

      Only idiots pay for new cars. I'm happy with my 4-year old Ford Focus. It may not be the latest & greatest model, but there's nothing wrong with it and I paid about 20% what I'd have paid for a new one. Over the next 4 years (about the time span I expect to own it) I expect about £1,500 of depreciation (compared with about £9,000 if I'd bought a new one), and pretty similar running costs to those for a new car.

      Only idiots upgrade their software with every release from the vendor. Only a handful of people have any actual need to do so. The rest of us could and should wait until the cost of using an older version is higher than that of upgrading, which often takes years.

      The only people that are really concerned are those that have pirated it in the past and never want to pay anything.

      I imagine those people are pretty happy with this news. Maybe they can start an underground Photoshop fork that tracks all the most important new features...?

      They are just trying to pay their programmers a decent wage.

      Adobe has an 85% profit margin. This means almost none of the money you pay them goes to their programmers; almost all of it goes to their shareholders.

  24. And users' email addresses were sold to spammers by Anonymous Coward · · Score: 0

    I use unique honeypot email addresses whenever I register for access to a web site or service. I started receiving "Wanna have some fun with cute and interesting woman?" emails on Adobe's honeypot almost immediately after the breach. :)

  25. spam? by Anonymous Coward · · Score: 0

    So is this why I just started getting spam on my unique adobe email that I've not used anywhere else? Because they stole all the emails too?

  26. Prometheus brings us fire by ikhider · · Score: 1

    I was hoping some civic minded cog from Adobe would release some of the good code for the rest of us to study, reverse-engineer, and add to some libre software. Once knowledge is 'out there', it is hard to suppress. Adobe uses their powers to control and enslave users to a so-called cloud to force users to pay a 'tribute'. The barber cannot buy but must rent scissors. I want to see a libreoffice version of adobe suite soon.

    --
    "SO we bide our time, waiting for a purer kick to bloom and the future is still bleak, uncertain and beautiful" -GSYBE