Now that we’ve had a little time to absorb the impact of the Adobe breach, there’s a few lessons we can learn already. First, a link for those who have been living in a cave and don’t know what I mean: Krebs on Security has had great coverage.
What we know:
Adobe was breached via a vulnerable Cold Fusion web application server exposed to the Internet. Cold Fusion is an Adobe product.
The vulnerability was known for months, a published vulnerability, and was not patched
38 million user’s accounts were compromised
Source code for Acrobat, Reader, Coldfusion and PhotoShop has been compromised
Two Initial Lessons
User accounts are a huge target for attackers. Basically, every big breach you read about includes breached user accounts. Even if there is no financial data in the account, compromising user name and password allows the bad guy to begin attacking the user’s other accounts since it is quite common to use the same ID/PW combination for most accounts. If an email account can be compromise…
Keep reading with a 7-day free trial
Subscribe to Security n Cigars to keep reading this post and get 7 days of free access to the full post archives.