Main Area and Open Discussion > Living Room

Adobe admits 2.9 million customer accounts compromised

(1/2) > >>

tomos:
This from Znet last week (October 3rd), not much info in the article; and some contradictory statements re what exactly they got.
Not good publicity for Adobe's 'Creative Cloud' at any rate.

Adobe admits 2.9M customer accounts have been compromised

Summary: Unfortunately, the attack on Adobe also compromised customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders.link:
http://www.zdnet.com/adobe-admits-2-9m-customer-accounts-have-been-compromised-7000021546/

IainB:
Heh, yes, I got am email from them telling me to change my account password. Being a bit paranoid,  I don't have any personal details saved in that account, so am not worried.
But what a palaver to get the account password reset! It took ages, and then just hung, so you had to restart the process. I kept at it, because from experience I knew Adobe's website tended to be somewhat constipated, but after 30 mins wasted time and getting nowhere I gave up and will try again sometime later.
I think their servers must be getting hammered. I would guess that their operation is probably not scaled up enough to cope with the peak load that is hitting them at the moment with people trying to reset their account passwords.

TaoPhoenix:
At a bigger level Adobe is supposed to be "reputable", aka not a "cheap 2 bit op". Skipping all the zero day stuff, presumably their raw customer logins were supposed to be "standardly protected".

So I'm getting increasingly grumpy about the "Cloud" - "create accounts, good for only X years before they get hacked!"

IainB:
At a bigger level Adobe is supposed to be "reputable", aka not a "cheap 2 bit op". Skipping all the zero day stuff, presumably their raw customer logins were supposed to be "standardly protected".
So I'm getting increasingly grumpy about the "Cloud" - "create accounts, good for only X years before they get hacked!"
-TaoPhoenix (October 08, 2013, 05:21 AM)
--- End quote ---
Start of rant:------------------------------------
Yes, it is a depressing reflection on the technical capability of the service suppliers how common a failing this "hackability" seems to have been. The evidence is there as plain as a pikestaff: the techos implementing these systems that get hacked - and hacked with such frequency and apparent ease - are clearly failing to implement sometimes even the most basic/elementary security procedures, never mind the appropriately more sophisticated security procedures.
The thing about good IT security is that it should employ a proactive and pre-emptive risk-averse approach to potential risk/threat.

I am thus wholly unimpressed by the Adobe blog post (linked to at the ZDnet link given by @tomos, above), where it says this:
Important Customer Security Announcement
Posted by Brad Arkin, Chief Security Officer on October 3, 2013 8:08 AM in Executive Perspectives   

Cyber attacks are one of the unfortunate realities of doing business today. Given the profile and widespread use of many of our products, Adobe has attracted increasing attention from cyber attackers. Very recently, Adobe’s security team discovered sophisticated attacks on our network, involving the illegal access of customer information as well as source code for numerous Adobe products. We believe these attacks may be related. ...
...We value the trust of our customers. We will work aggressively to prevent these types of events from occurring in the future. Again, we deeply regret any inconvenience this may cause you. If you would like additional information, please refer to Adobe’s Customer Support page.

--- End quote ---

This would seem to include:
 - argumentum ad populum (appeal to the people/consensus, popular sentiment - appeal to the majority; appeal to loyalty);
 - argumentum ad verecundiam (appeal to authority; conventional propriety);
 - argumentum ad misericordiam - appeal to pity; to arouse pity for getting one's conclusion accepted);
 - argumentum ad baculum (appeal to fear);
 - argumentum ad ignorantiam (forwarding a proposition without any certain proof) - we are not offered any evidence as to the "sophistication" of this attack.

That is, there's not only an implicit:
"Hey, everyone knows that security can be a BIG PROBLEM - right? I mean, heck, it's not like it's MY fault, #sshole - I mean, like, it's a bad, bad world out there - y'know?"

--- End quote ---
- which could be a classic rejection of responsibility for the success of the hack attack and a pathetic, anticipatory whining self-defence, but also, the phrase "sophisticated attacks on our network" could arguably be a massive spin/euphemism for the truth, which could perhaps be better interpreted as:
"We were wholly unprepared for this hack attack, which was far more sophisticated than we had been prepared for with our hopelessly inadequate, immature and unsophisticated security systems. We thought we'd be able to get away with minimal spending on that part, but I guess we got screwed anyway. Oops. I guess calculating the statistical probability of risk was never one of our strong-points, eh? Oh dear, what a pity, never mind. Sorry about that. Well, this has certainly been a learning experience for us, and I promise we'll do real good now and start thinking ahead a bit. OK? So stop being all bitter and twisted about it, see?
Oh, and in case we've not already covered ourselves with explicit ZERO LIABILITY for this sort of thing, we will soon, 'cause we're already reviewing our Terms & Conditions to make damn sure of that one, and we'll unilaterally change it all, as necessary. So you can go suck on that."
--- End quote ---

It's bad enough, but at least it's understandable if/when people accidentally and without thinking use logical fallacies in a discussion/debate - because we're only human after all. However, if/when apparently fully-considered public statements/propositions are made by responsible and accountable people whilst in damage-control mode, and if those statements/propositions contain logical fallacies, then this could presumably be deliberate. That is, the truth could be being deliberately twisted in an attempt to avoid liability and shape public perception in a desired manner. This is the world of marketing and politics where "Perception is everything". It is BS.

The antics of Adobe over the years in consistently pushing and manipulating the market for its various ubiquitous and sometimes crappy offerings - e.g., including .PDF and Shockwave/Flash - had already put them relatively low down in my table of expectations, but by this latest foul-up and in particular their response to it they have just placed themselves smack at the bottom. Avoid.

End of rant:------------------------------------

40hz:
This is the world of marketing and politics where "Perception is everything". It is BS.
-IainB (October 08, 2013, 02:19 PM)
--- End quote ---

This. :Thmbsup:

Well said IainB. 8)

Navigation

[0] Message Index

[#] Next page