Adobe Breach Compromised Over 38 Million Users, Photoshop Source Code
rjmarvin writes "Adobe's investigation into the massive data breach they were hit with this past August has revealed that over 38 million active users, not to mention inactive accounts, had their user IDs and passwords pilfered by hackers. An Adobe spokesperson confirmed the number, along with the theft of Adobe Photoshop source code. The initial report earlier this month put the extent of the breach at only 3 million credit card accounts, plus stolen Adobe Acrobat, Reader and ColdFusion source code."
The breach was made possible by a bug in Adobe Acrobat Reader I hope.
That would be Karma.
I can finally write that lens flare JavaScript library
-- Jim
Weekly feedback for your website.
The untold story is that the hackers tried to give back the source code but Adobe said NO GIVE BACKS!
Adobe hasn't notified me of anything so my data must be safe. Right?
Right?
So how's that new "Cloud all the apps" thing working out for you guys so far? Ah. I see you leaked pretty much your whole database of people who had signed up for it. Well then, carry on.
In other news, I hope your new strategy crashes into the dirt so hard the only thing that'll be memorable about Adobe in 5 years will be the case study on it in business classes around the world on how not to do it.
#fuckbeta #iamslashdot #dicemustdie
I know we're gonna get all the "ha ha, it's an evil megacorp anyway", but damn it must be stressful moments to some of the folks at Adobe. :/ Especially if the source code leaks turn out to be true.
Oh no! Stolen!? I hope they get their source code back soon!
I keep hearing about this breach and that breach, but what I'd love to see are some seriously ambitious groups of skilled security engineers standing up to help encourage good security practices that are widely recognized and standardized. The networked computing eco-system is so intertwined and desperate that how can any Jack or Jill admin be expected to have a fair set of skills in their toolbox to tackle such a hurdle? To expect any or ALL admins to have enough competence to just know the depth and complexity of a highly enabled enterprise is very unlikely.
For a possible first step, let's consider blocking broadcasts by default. All computers fall into 255.255.255.254 and rely on tight enforcement of shared communication as a reasonable start.
A second may be for all communications channels to be flagged with security credentials of the communications user (or machines), or anonymous for completely un'authorized' communications and rely on block by default as a sane start. Allow 'users' to reach out to unsecured locations if you like, but make sure that their connections to secured resources are a lot harder to reach (and fully audited when performed).
Anyways, this is a huge problem which is at least in part why this happens over and over again. I could say X, and 100 experts will give me 101 answers to why it's the most stupid solution in the world, so.... enjoy!
Bye!
so it wasn't real anyway.
Sent from my ENIAC
While I fully realize that it would be both wrong and illegal, with the Photoshop source code in the wild, is it possible some of it could be added to or at least quietly re-engineered into OSS projects? Real CMYK support for Gimp would be like birthday + xmas combined times a million.
Brought to you by Carl's Junior.
That way when there's a breach your creative suite files can rain on 50 different countries at the same time, all at the speed of light.
Bring it! :D
Anyone else wondering why the source code was even able to be accessed? Seems like a stupid thing to have on a web server, or able to access from a web server.
That's like leaving a laptop sitting on a seat in car while you are out shopping/whatever.
Be seeing you...
Even the best of security practices does little to dissuade them when all of the eggs are in one basket.
I know it's popular to rubbish Adobe here, but this report, if true, would seem to justify the Adobe-hate.
And I say this as someone who has happily used many of their products over the years, (although less so, lately).
Yes, we all know security is hard, but if you're a leading tech company with internal safeguards so lax that one breach can leak both user IDs and source code, well, frankly, you're shit.
Work at home access?
There are plenty of reasons I am sure, that being one of them. Was it a good idea? Well no.
Don't know something? Look it up. Still don't know? Then ask.
My Photoshop CS2 serves me very well and will continue to do so until Gimp catches up. (I realize I might be dead before that happens, but one can hope that that won't be the case).
And I'm on CS3. But you are correct about upgrading. Adobe and their business model of us having to spend thousands every 2 years on the new suites, and now wanting us to just install a pipeline from our wallets to their bank account, was getting creaky a few years back. Which of course is why you are still running CS2, and me CS3.
Software as a service is fatally flawed, Adobe has found that out. It will be interesting to see their astroturf project re this.
The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
Wow, and Adobe is so into security. It's practically their specialty. By the way, this isn't a commonly known fact but their user support forums make 4chan look sincere, civil, and helpful by comparison.
Me too, especially since CS2 is effectively free now. Adobe shut down the activation servers earlier this year so they actually gave out activation-free CS2 installers AND their serials. It's the only non-douchebaggy thing Adobe has done in recent memory.
"It is a denial of justice not to stretch out a helping hand to the fallen; that is the common right of humanity."
I understand this is /. but I don't understand why every "insightful" post is against Adobe. Adobe has marketed to their users. Their market is not an opensource market. Their market is people who want something that works. Their IP is priceless and I believe their "Cloud" platform has been correctly. Up until they offered Creative Cloud I never had a licensed version of an Adobe product. I now have a licensed Adobe product on my home and work computers. They are not evil by any means. My subscription can lapse and things still work. Programs are installed locally. They only connect now and then to confirm the license. I now get updates on a regular basis. Their code is considered top notch by professionals. I have rarely had an Adobe application crash on me. It just works. You can't say that about any of the competitors, open-source or not. I've tried using Gimp or Paint Shop Pro. They don't even compete with Photoshop.
As far as we know this breach has nothing to do with the "security" or "programming ability" at Adobe. It could have easily been an insider. Or maybe just someone who knows what they are doing and has been at it for years. Any system can be easily breached internally and any system can be breached given time.
Stop making assumptions and look at the facts. The facts about the situation are non-existent. The facts about their programming ability are public knowledge and they have proven themselves. Anyone that thinks otherwise... show me what you have done that has the capabilities of their software. You won't. Their software (Adobe Acrobat) is used everywhere. More than Flash was (Flash was Macromedia, not Adobe). If it sucked it won't be used. Don't give me any analogies about how Windows sucks and it still is used! Windows doesn't suck. Any professional Linux user will agree that it satisfies its market, which happens to be a very large market. I love Linux but all my computers have Windows. Why? Because it works as it should. Oh it's not free? You get what you pay for. That goes for Adobe products too. Talk to one of their programmers. Find out what a real development environment is like. Ask them how much time is devoted to their product. Ask them how much time is devoted to testing. Ask them how much time is devoted to refactoring their code. This is not Microsoft. They can't get away with just adding on. They invent and make new. They are worth it.
A small hiccup like this is nothing. It has happened to companies magnitudes greater and no one blinks an eye. Adobe has been completely transparent about what happened.
They should be applauded for their efforts to inform people.
I can't wait until slashdot is compromised. It will happen. My encrypted password will be stolen. Oh no! 100's of sites have my encrypted password. Just like they all have yours. Oh... you use a different password for every site. First.. I call BS! You don't. You want to project a fake reality. Fine. You are then just stupid. You really only need 3 - 4 different passwords.
1. Banking/PayPal
2. Email
3. Other Sites
4. Optional/Social Sites (could fall under "other sites")
This keeps you safe. A max of 4 passwords. If you can't figure out the logic, then just move on.
So how does all this roll back into Adobe?
1. If you use only 1 password you are stupid.
2. If you use 2 - 4 passwords, you don't care.
3. This isn't Adobe's fault, it just happens.
4. If it bothers you then why do you have an Adobe account in the first place?
5. We all use Adobe products and could not live without them. (btw... this is not a monopoly! think before you respond with those ideas)
I think this is enough to get my point across.
High cost and stagnant development weren't enough?
Gimp will never catch up (you will be dead). This isn't about humoring yourself. This isn't even about Adobe Creative Cloud. This is about a breach. They don't have that many Creative Cloud subscribers yet. They have approximately 30 full time programmers. If this were a Creative Cloud breach then 38,000,000 * 50 = $1.9 billion a month. Really? That comes to $6.3 million per developer. Take 90% out for expenses and you are still at $633,000 per developer. Not the case.
That being said. The only information Adobe has on me is my name, email and possibly credit card number. All useless information. I don't have to put any of my files in "the cloud" it is just a convenience if I decide to. Just like... dropbox, gdrive, etc.
If someone really wanted your personal information they would break into your house during the day while you were at work (you do work?) and just take your hard drive. Probably under 3 minutes. No tail. No explanation. Done. Then come here and complain about your info being in the cloud.
If you use Adobe products professionally your CS2 won't last long. The people are moving to CC. Adobe is a real product that is unfortunately not open-source, yet it costs less than your internet or phone on a monthly basis. Or even less than a tank of gas. Tell me how that is wrong. You don't make money off your gas. You make money off their professional products.
BTW... I run several open-source businesses. I believe in it. But certain products can't be open sourced if you want quality.
I liked ColdFusion while it was still in Macromedia's hands.
Getting creaky, "just" a few years back? It got old over a decade ago for me. And sorry, but demanding $650 for a fucking bitmap editor is just robbery. Which is why I never bothered to buy it, and years ago bought Paint Shop Pro (back when it was still by Jasc), and have long since switched to Paint.net and finally (after switching from Windows to Linux in 2006) the GIMP. I never did get the point behind Photoshop anyway... it's beyond slow, bloated and just a nightmare to find anything that you need. Its menu system is a trainwreck.
"You're trolling and ill-informed."
If 'trolling' these days is speaking your own 100% honest opinion, then yes, I guess I must be trolling. I wasn't aware that you are a troll for having an opinion, though. Learn something new every day.
"You clearly have little experience actually using Photoshop and certainly not a recent version."
No shit, I'm pretty sure my first couple sentences made it obvious that I was never a fan of the program, its price, etc. I'll take almost *anything* over that overpriced crap.
It's a well designed program, which is why it costs what it does.
Sorry, I did not get that impression, and I felt it was a massive rip-off at twice the price of a fucking Windows licence. Does that make me even more of a troll? Seriously though... operating system, $300... bitmap editor... $650?!
I find it odd how you kept downgrading, but Linux pretty much made that necessary.
I find it odd how you keep talking as if you're a know-it-all professional and that your opinion is *the* definitive answer, and yet mine is trash. I have to ask you at this point the same question you started off asking me: are you a troll? Your use of "zealots" only makes it seem even more likely... and your entire second paragraph seems to have "troll" stamped all over it.
I was hoping some civic minded cog from Adobe would release some of the good code for the rest of us to study, reverse-engineer, and add to some libre software. Once knowledge is 'out there', it is hard to suppress. Adobe uses their powers to control and enslave users to a so-called cloud to force users to pay a 'tribute'. The barber cannot buy but must rent scissors. I want to see a LibreOffice version of Adobe suite soon.
"SO we bide our time, waiting for a purer kick to bloom and the future is still bleak, uncertain and beautiful" -GSYBE
If development machines can access the internet, then the source code is online.
It's possible to really work offline but the cost is so high that it is usually only done with classified programs. And it won't prevent a cracker from simply convincing a developer to steal the code using a USB stick.