A computer security firm has discovered data it says belongs to some 152 million Adobe Systems Inc user accounts, suggesting that a breach reported a month ago is much larger than Adobe has so far disclosed and is one of the largest on record.
LastPass, a password security firm, said that it has found email addresses, encrypted passwords and password hints stored in clear text from Adobe user accounts on an underground website frequented by cyber criminals.
Adobe said last week that attackers had stolen data on more than 38 million customer accounts, on top of the theft of information on nearly 3 million accounts that it disclosed nearly a month earlier.
The maker of Photoshop and Acrobat software confirmed that LastPass had found records stolen from its data center, but downplayed the significance of the security firm’s findings.
While the new findings from LastPass indicate that the Adobe breach is far bigger than previously known, company spokeswoman Heather Edell said it was not accurate to say 152 million customer accounts had been compromised because the database attacked was a backup system about to be decommissioned.
She said the records include some 25 million containing invalid email addresses and 18 million with invalid passwords. She added that “a large percentage” of the accounts were fictitious, having been set up for one-time use so that their creators could get free software or other perks.
She also said that the company is continuing to work with law enforcement and outside investigators to determine the cost and scope of the breach, which resulted in the theft of customer data as well as source code to several software titles.
The company has notified some 38 million active Adobe ID users and is now contacting holders of inactive accounts, she said.
Paul Stephens, director of policy and advocacy for the non-profit Privacy Rights Clearinghouse, said information in an inactive database is often useful to criminals.
He said they might use it to engage in “phishing” scams or attempt to figure out passwords using the hints provided for some of the accounts in the database. In some cases, people whose data was exposed might not be aware of it because they have not accessed the out-of-date accounts, he said.
“Potentially it’s the website you’ve forgotten about that poses the greater risk,” he said. “What if somebody set up an account with Adobe ten years ago and forgot about it and they use the same password there that they use on other sites?”
Adobe said today that the current CS6 version of Photoshop will be the last one to support Windows XP.
Adobe Product Manager Tom Hogarty said in a blog post that the Photoshop team would like to provide advance notice that Photoshop CS6 (13.0) will be the last major version of Photoshop to support Windows XP. He said that modern performance-sensitive software requires modern hardware graphics interfaces that Windows XP lacks, in particular a way to tap into the power of GPUs. By only working on newer operating systems and hardware, Adobe can bring in significantly better performance.
Photoshop CS6 already demonstrates that relying on a modern operating system, graphics cards/GPUs and graphics drivers can lead to substantial improvements in 3D, Blur Gallery and Lighting Effect features not available to Windows XP customers, he said.
Adobe hopes that by providing this information early it will help you understand our current decisions around operating system support and where we’re headed with future releases of Photoshop. It is hard to see how any serious user of Adobe products could be using an XP machine anyway. The move away from XP started with CS 5, which only ran on Vista.
Chrome for Android will not run Flash Player, the popular software that Apple has famously banned, Adobe confirmed Wednesday.
The acknowledgment was no surprise: Last November, Adobe announced it was abandoning development of Flash for mobile browsers. In other words, Google missed the Flash boat by several months.
“Adobe is no longer developing Flash Player for mobile browsers, and thus Chrome for Android Beta does not support Flash content,” said Bill Howard, a group product manager on the Flash team, in an Adobe blog Tuesday.
The stock Android browser included with the operating system does support Flash, noted Howard.
Adobe explained its decision to halt work on Flash Player for mobile browsers as necessary to shift resources, notably to its efforts on HTML5, the still-developing standard that will ultimately replace many of the functions Flash has offered.
“We will continue to leverage our experience with Flash to accelerate our work with the W3C and WebKit to bring similar capabilities to HTML5 as quickly as possible,” Danny Winokur, the Adobe executive in charge of interactive development, said last year. He was referring to the World Wide Web Consortium standards body and WebKit, the open-source browser engine that powers Chrome and Apple’s Safari. “And we will design new features in Flash for a smooth transition to HTML5 as the standards evolve.”
Analysts read the move as a tacit surrender to the trend, first seen at Apple, to skip support for Flash on smartphones and tablets. In 2010, former Apple CEO Steve Jobs had famously dismissed Flash as unsuitable for mobile devices because it was slow, drained batteries and posed security problems.
An unpatched Yahoo Messenger vulnerability that allows hackers to change people’s status messages and possibly perform other unauthorized functions can be exploited to spam malicious links to a large number of users.
The flaw was discovered in the wild by security researchers from antivirus vendor BitDefender while investigating a customer’s report about unusual Yahoo Messenger behavior.
The flaw appears to be located in the application’s file transfer API (application programming interface) and allows attackers to send malformed requests that result in the execution of commands without any interaction from victims.
“An attacker can write a script in less than 50 lines of code to malform the message sent via the YIM protocol to the attacker,” said Bogdan Botezatu, an e-threats analysis & communication specialist at BitDefender.
“Status changing appears to be only one of the things the attacker can abuse. We’re currently investigating what other things they may achieve,” he added.
Victims are unlikely to realize that their status messages have changed and if they use version 11.5 of Yahoo Messenger, which supports tabbed conversations, they might not even spot the rogue requests, Botezatu said.
This vulnerability can be leveraged by attackers to earn money through affiliate marketing schemes by driving traffic to certain websites or to spam malicious links that point to drive-by download pages.
According to the Ethical Hacking group YGN, Apple’s website for developers is virtually wide open and gives hackers the opportunity to introduce malware, such as phishing attacks, to gain access to subscribers’ vital personal information.
One group known as Networkworld identified three holes on Apple’s website: arbitrary URL redirects, cross-site scripting and HTTP response splitting. These holes could allow hackers to arbitrarily redirect visitors to other websites and make phishing attacks against developers’ login credentials more successful.
Verizon Wireless announced the Revolution by LG, an LTE-ready smartphone, will become available for sale in stores and online Thursday for $249.99 with a two-year service plan.
The Revolution has a 4.3-in. touch screen and 1 GHz Snapdragon processor. It utilizes the Android 2.2 mobile operating system and comes preloaded with the Netflix application for access to movies and TV shows.
Verizon called the smartphone an “entertainment powerhouse” partly due to the Netflix capability, but the Revolution also runs the Adobe Flash player, provides Dolby Mobile sound and features high-definition video recording and playback.
Motorola Mobility has snagged a number of experienced mobile and Web engineers from Apple and Adobe and is developing a Web-based mobile operating system as a potential alternative to Google’s Android software, according to a source familiar with the matter.
Asked to comment, Motorola did not refute the existence of the project but continues to affirm its interest in Android. “Motorola Mobility is committed to Android as an operating system,” a company spokesperson stated.
Jonathan Goldberg, an analyst with Deutsche Bank in San Francisco, said that he too had heard Motorola was at work on its own operating system. “I know they’re working on it,” he said. “I think the company recognizes that they need to differentiate and they need options, just in case. Nobody wants to rely on a single supplier.”
Motorola announced on Twitter that the Android software update for the Xoom tablet is being pushed out in phases starting March 11, which includes enhancements to support the upcoming Adobe Flash Player 10.2.
Launched on February 24, the Xoom was pushed out to the market with some seemingly rushed, half-done features, just so it arrived on the market before a new iPad. Despite certain hardware advantages over the original and new iPad, the Xoom flaunted 4G radios, SD card memory expansion and Flash support. However, none of these features were actually operational when the device launched.
The DDoS hostilities began in the morning and lasted for a couple of hours. The attack was estimated at “multiple Gigabits per second and tens of millions of packets per second”, according to sources. The attack unfortunately hit three main data centers, in Chicago, Dallas and San Antonio. The good news is that the site is back up. However, while the attack was in progress, sources say it was one of the “largest” the organization has ever seen. Even though the attack is over, WordPress is working with their providers to prevent such acts from ever taking place again.
Mobile phone security threats rose sharply last year as the growing popularity of Internet-enabled mobile devices like smartphones and tablets provided new opportunities for cybercriminals, security software maker McAfee said.
In its fourth-quarter threat report, released today, McAfee said the number of pieces of new cellphone malware it found in 2010 rose 46 percent over 2009’s level.
“As more users access the Internet from an ever-expanding pool of devices -computer, tablet, smartphone or Internet TV- web-based threats will continue to grow in size and sophistication,” it said.
McAfee, which is being acquired by Intel for $7.68 billion, said it expected PDF and Flash maker Adobe to remain a favorite of cybercriminals this year, after it surpassed Microsoft in popularity as a target in 2010.
It attributed the trend to Adobe’s greater popularity in mobile devices and non-Microsoft environments, coupled with the ongoing widespread use of PDF document files to transfer malware.