At a bigger level Adobe is supposed to be "reputable", aka not a "cheap 2 bit op". Skipping all the zero day stuff, presumably their raw customer logins were supposed to be "standardly protected".
So I'm getting increasingly grumpy about the "Cloud" - "create accounts, good for only X years before they get hacked!"
-TaoPhoenix
Start of rant:------------------------------------Yes, it is a depressing reflection on the technical capability of the service suppliers how common a failing this "hackability" seems to have been. The evidence is there as plain as a pikestaff: the techos implementing these systems that get hacked - and hacked with such frequency and apparent ease - are clearly failing to implement sometimes even the most basic/elementary security procedures, never mind the appropriately more sophisticated security procedures.
The thing about good IT security is that it should employ a proactive and pre-emptive risk-averse approach to potential risk/threat.I am thus wholly
unimpressed by the Adobe blog post (linked to at
the ZDnet link given by @tomos, above), where it says this:
Important Customer Security Announcement
Posted by Brad Arkin, Chief Security Officer on October 3, 2013 8:08 AM in Executive Perspectives
Cyber attacks are one of the unfortunate realities of doing business today. Given the profile and widespread use of many of our products, Adobe has attracted increasing attention from cyber attackers. Very recently, Adobe’s security team discovered sophisticated attacks on our network, involving the illegal access of customer information as well as source code for numerous Adobe products. We believe these attacks may be related. ...
...We value the trust of our customers. We will work aggressively to prevent these types of events from occurring in the future. Again, we deeply regret any inconvenience this may cause you. If you would like additional information, please refer to Adobe’s Customer Support page.
This would seem to include:
-
argumentum ad populum (appeal to the people/consensus, popular sentiment - appeal to the majority; appeal to loyalty);
-
argumentum ad verecundiam (appeal to authority; conventional propriety);
-
argumentum ad misericordiam - appeal to pity; to arouse pity for getting one's conclusion accepted);
-
argumentum ad baculum (appeal to fear);
-
argumentum ad ignorantiam (forwarding a proposition without any certain proof) - we are not offered any evidence as to the "sophistication" of this attack.
That is, there's not only an implicit:
"Hey, everyone knows that security can be a BIG PROBLEM - right? I mean, heck, it's not like it's MY fault, #sshole - I mean, like, it's a bad, bad world out there - y'know?"
- which could be a classic rejection of responsibility for the success of the hack attack and a pathetic, anticipatory whining self-defence, but also, the phrase
"sophisticated attacks on our network" could arguably be a massive spin/euphemism for the truth, which could perhaps be better interpreted as:
"We were wholly unprepared for this hack attack, which was far more sophisticated than we had been prepared for with our hopelessly inadequate, immature and unsophisticated security systems. We thought we'd be able to get away with minimal spending on that part, but I guess we got screwed anyway. Oops. I guess calculating the statistical probability of risk was never one of our strong-points, eh? Oh dear, what a pity, never mind. Sorry about that. Well, this has certainly been a learning experience for us, and I promise we'll do real good now and start thinking ahead a bit. OK? So stop being all bitter and twisted about it, see?
Oh, and in case we've not already covered ourselves with explicit ZERO LIABILITY for this sort of thing, we will soon, 'cause we're already reviewing our Terms & Conditions to make damn sure of that one, and we'll unilaterally change it all, as necessary. So you can go suck on that."
It's bad enough, but at least it's understandable if/when people accidentally and
without thinking use logical fallacies in a discussion/debate - because we're only human after all. However, if/when apparently fully-considered public statements/propositions are made by responsible and accountable people whilst in damage-control mode, and if those statements/propositions contain logical fallacies, then this could presumably be
deliberate. That is, the truth could be being deliberately twisted in an attempt to avoid liability and shape public perception in a desired manner. This is the world of marketing and politics where
"Perception is everything". It is BS.
The antics of Adobe over the years in consistently pushing and manipulating the market for its various ubiquitous and sometimes crappy offerings - e.g., including .PDF and Shockwave/Flash - had already put them relatively low down in my table of expectations, but by this latest foul-up and in particular their response to it they have just placed themselves smack at the bottom. Avoid.
End of rant:------------------------------------
