Normally hacker find vulnerabilities of normal people, but hacker's also do mistakes. The Crack of Adobe Systems network was discovered after the source code of numerous products, including the Web application development platform ColdFusion, sat parked on a hacker’s unprotected Web server open to the Internet.On October 3rd are hackers are leaked the 2.9 million customer information leaked. Mr.Alex Holden chief information security officer of Hold Security and their are investigating in this attack, Finally they are found the Adobe company’s source code on a hacker's server.
Mr.Alex Holden said the Adobe’s source code “was hidden, but it was not cleverly hidden,” They are said perusing the directory of the server,with the abbreviation “ad.” It was filled with “interesting” file names, including encrypted .”rar” and “.zip” files.
It’s not clear if the files were stolen from Adobe in an encrypted format or if the hackers encrypted the files and then uploaded them to their server.
Source code could make it easier for hackers to find vulnerabilities in Adobe’s products. But so far, no new zero-day vulnerabilities the term for a vulnerability that is already being exploited but doesn’t have a patch have surfaced in the last couple of months since the source code was taken. So far, the source code has not been publicly released.
In October 3 10-Q filing with the U.S. Securities and Exchange Commission, Adobe acknowledged the attack, but said it did “not believe that the attacks will have a material adverse impact on our business.” After that Adobe wrote later in the filing that its efforts to fight cyberattacks “may not be successful” and cause the loss of customers, incur potential liability and cost the company money.
Adobe find the server had already attracted interest prior. It was being used as a repository for stolen data by a Hacker Team that also broke into the networks of data aggregators LexisNexis, Dunn & Bradstreet and Kroll Background America, as reported by security analyst and journalist Brian Krebs.
The Hacker Team from Russia, till yet they are titled the team name and they are still active.
The Hacker team already stolen the information from other companies too.Some of those attacks could become public if the companies elect to make an announcement. Mr.Holden has not mentioned the companies names.
Analysts with Holden’s company specialize in gaining access to “deep web” or dark forums, used by cybercriminals to trade data and techniques anonymously. Hold Security offers a subscription service called ”Deep Web Monitoring” where companies can be notified if their data is found.
The secret forums are password protected and are often invitation only, so security researchers often pretend they’re one of the bad guys to get in.
Reference:
http://www.pcworld.com/
No comments:
Post a Comment