Adobe has confirmed a massive hack that led to the theft of the private information of 2.9 million customers. As a precaution, Adobe said it is resetting relevant customer passwords to help prevent unauthorized access to Adobe ID accounts. . Adobe contacted the banks that process customer payments for the software firm and has also alerted federal law enforcement agencies.
In addition to nearly 3 million credit card numbers hacked from Adobe, (which at least were encrypted) more worrying story is that hackers apparently have obtained 40 GB of Adobe source code, which may include Adobe’s most popular products, Adobe Acrobat and ColdFusion.
The breach is believed to be due to same hackers who compromised LexisNexis and other organizations. The technique seems to be to plant a rogue executable on the targeted systems and which then creates a command and control channel back to the attackers. So if you use Adobe products on the web some additional care is recommended, and update to the latest hardened code.
So it’s good news for cloud users that Microsoft has introduced two factor authentication on Azure. Multiple vendors , including Google, Facebook, Twitter and Apple have implemented various forms of two-factor authentication.. Microsoft’s approach on Azure is somewhat different . With the Windows Azure multifactor authentication system, a cloud administrator can enable two-factor authentication across cloud applications hosted on Azure. So it’s not just about access to Azurebut also about the applications you host on Azure.
This isn’t a free service – price plans, start at $2 per month per user but it seems an easy to use worthwhile service.
Microsoft also said last week that it will ship eight security updates this coming week to patch critical vulnerabilities in Windows and Internet Explorer (IE), with the one aimed at IE plugging the hole attackers have been exploiting for months.
