Adobe is the latest in a long line of prominent tech companies to suffer a major security breach. Adobe stated that hackers had stolen source code to some of its most popular software applications and data about millions of its customers (source: Reuters).
Adobe is currently resetting passwords and is advising customers to reset any passwords that are also used on other sites. But if the loss of 2.9 million of its customers’ IDs and encrypted passwords wasn’t enough, the theft of the source code means that hackers could potentially use that knowledge to exploit flaws in the software, launching attacks which are very difficult to detect.
The Wall Street Journal suggests that “attackers could exploit the code for ColdFusion, a Web application development platform, to find ways to directly access databases linked to public-facing websites”.
These fears have been debunked by Adobe’s security chief, Brad Arkin, who suggests that, having investigated the breach since its initial discovery, he has not seen any evidence that Adobe customers are suffering attacks based on the theft.
He goes on to state that “from my experience as someone who’s been in possession of the source code for five years, I don’t know that it helps the bad guys very much … in my experience, the most efficient way of finding vulnerabilities is not spending time with the source code but directly testing the product while it is running”.
However, if Adobe’s Chief Security Officer is incorrect, this could spell trouble for many major US-based organisations. For example, the US Department of Defence, the National Security Agency and the Department of Energy all use Adobe ColdFusion, one of the systems which could potentially be affected.
A spokesperson for the Department of Defence was quick to respond by stating that “as with any widely distributed software, when we identify an issue that may pose a threat or vulnerability to our networks, we remedy it as quickly as possible”. He went on to assure the public that “we remain vigilant of any potential vulnerability to our systems or networks and take issues such as these seriously.”
With so many major organisations falling victim to data theft by hackers, perhaps it’s time you started to think about taking your cyber safety a little more seriously with varied and secure passwords.
Author: Russell Scott has been the MD of Sycura since its inception. Russell offers IT support services through Sycura and enjoys writing about IT infrastructure and security issues within IT.