Educause Security Discussion mailing list archives
Re: FYI - Adobe account compromise
From: Brian Helman <bhelman () SALEMSTATE EDU>
Date: Mon, 11 Nov 2013 01:19:37 +0000
Yeah, that was it. Sorry about the confusion. -Brian ________________________________________ From: The EDUCAUSE Security Constituent Group Listserv [SECURITY () LISTSERV EDUCAUSE EDU] on behalf of Keller, Alex [axkeller () STANFORD EDU] Sent: Thursday, November 07, 2013 1:24 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] FYI - Adobe account compromise http://sophos.com/adobe doesn't resolve... But this seems like a likely candidate for the article Brian referenced: http://nakedsecurity.sophos.com/2013/11/04/anatomy-of-a-password-disaster-adobes-giant-sized-cryptographic-blunder/ Best, alex Alex Keller Information Technology Stanford School of Engineering axkeller () stanford edu (650) 736-6421 -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Brian Helman Sent: Thursday, November 07, 2013 6:40 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] FYI - Adobe account compromise There's an excellent description at sophos.com/adobe and on this week's Security Now podcast. -Brian ________________________________________ From: The EDUCAUSE Security Constituent Group Listserv [SECURITY () LISTSERV EDUCAUSE EDU] on behalf of Andrew Daviel [advax () TRIUMF CA] Sent: Wednesday, November 06, 2013 4:20 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] FYI - Adobe account compromise FYI Per http://xkcd.com/1286/ and others, hackers have leaked 130 million user records from Adobe, containing email address, 3DES encrypted password, and hint, with lines like: 63498551-|--|-mxxxxxxx () wisc edu-|-eYxxxxxxxxxxxxx==-|-kunsan cutie|-- 2 million of these are .edu addresses
From what I have read, the passwords are encrypted using a symmetric key but the key is unknown. For now. As a mailing list for spam, it needs washing, badly.
All that user education is having some effect, at least. The most popular password is now "123456", an improvement over "12345" a couple of years ago and "1234" before that. Per http://stricture-group.com/files/adobe-top100.txt See also http://www.hydraze.org/2013/10/some-information-on-adobe-135m-users-leak/ http://www.leemangold.com/2013/11/02/adobe-data-breach-faq/ http://tobtu.com/adobe.php http://anonnews.org/forum/post/64784 http://arstechnica.com/security/2013/11/how-an-epic-blunder-by-adobe-could-strengthen-hand-of-password-crackers/ Password reset: https://www.adobe.com/ca/account/sign-in.adobedotcom.html I'm not sure it's really a big cause for concern, though I guess a lot of people use the same password for everything and there's their password hint "dog's name" sitting out there. The etymology of user names on Hotmail should we worth a sociology paper or two. -- Andrew Daviel, TRIUMF, Canada Tel. +1 (604) 222-7376 (Pacific Time) Network Security Manager
Current thread:
- FYI - Adobe account compromise Andrew Daviel (Nov 06)
- Re: FYI - Adobe account compromise Brian Helman (Nov 07)
- Re: FYI - Adobe account compromise Keller, Alex (Nov 07)
- Re: FYI - Adobe account compromise Louis Aponte (Nov 07)
- Re: FYI - Adobe account compromise Brian Helman (Nov 10)
- Re: FYI - Adobe account compromise Gary Warner (Nov 11)
- Re: FYI - Adobe account compromise Brian Helman (Nov 11)
- Re: FYI - Adobe account compromise Gary Warner (Nov 12)
- Re: FYI - Adobe account compromise Keller, Alex (Nov 07)
- Re: FYI - Adobe account compromise Brian Helman (Nov 07)