Security and Subscription Software

hgernhardtjrhgernhardtjr Docendo discimus.Posts: 417Registered Users Major grins
edited October 4, 2013 in Digital Darkroom
I do not know exactly what is happening, but this quote from Adobe Chief Security Officer Brad Arkin explains why I will NOT go with subscription software from Adobe, Microsoft, etc. unless I have no other recourse:

"very recently, Adobe’s security team discovered sophisticated attacks on our network, involving the illegal access of customer information as well as source code for numerous Adobe products. We believe these attacks may be related" ...

... "our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems. We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders. At this time, we do not believe the attackers removed decrypted credit or debit card numbers from our systems".

Here's one link with the story:

http://www.cio.com.au/article/528254/hackers_steal_information_2_9_million_adobe_customers/
— Henry —
Nam et ipsa scientia potestas est.

Comments

  • cmasoncmason Old dog, new tricks Raleigh, NCPosts: 2,506Registered Users Major grins
    edited October 4, 2013
    Well, subscription/cloud has nothing to do with this. If you have ever bought online from Adobe ( I have, and downloaded Lightroom 4), then you are at risk. And its no different than buying from Amazon, Best Buy, etc, even buying boxed software. This will, and does, happen to them all.

    Sadly , there is really no defeating APTs given our current system of credit cards/passwords. Until we redesign things with real authentication, these things will happen no matter the vendor.

    Your best bet is: 1) use a unique password for each site. Never the same one twice. 2) keep an online credit card and personal credit card separate. This way if you lose the online one, you at least have a personal one to use. Remember, laws (in US) protect your credit card should it be stolen: you won't be responsible for the charges. Some credit cards, like Mastercard, offer temp or virtual credit card numbers you can use online that are one time purchase numbers tied to your account.

    For really important online transactions like banks and investment accounts, ask for second factor authentication methods. Most offer them today for the asking. For example, Schwab will provide you with an RSA fob that provides a random number you must enter with your password to gain access to the account. This 'two factor authentication' is critical, as it eliminates issues with stolen passwords, as passwords alone are not enough. Even if stolen the password is useless.

    The iphone 5S is very encouraging, as it puts a second factor method in millions of hands (fingerprint reader). I hope it really spreads. Imagine using your phone to authenticate an Amazon purchase: without your 1) password, 2) phone, and 3) finger, no one can gain access to your Amazon account, or make a purchase via your credit card. Someday perhaps.
Sign In or Register to comment.