funsec mailing list archives

Previous By Date Next
Previous By Thread Next

Fwd: Important Password Reset Information

From: Jeffrey Walton <noloader () gmail com>
Date: Wed, 4 Dec 2013 18:21:50 -0500
It looks like Adobe is finally contacting folks about their massive data
loss. Considering it was revealed on October 3, that makes over two months.
(Likely longer since Adobe did not know about it for months).

Fortunately, Adobe was following "best practices".... Oh wait, according to
Schneier and others, they were not [0,1].

How's that for corporate responsibility..... The executives at Adobe will
probably give themselves bonuses for a job well done.

[0] https://www.schneier.com/blog/archives/2013/11/cryptographic_b.html
[1]
http://nakedsecurity.sophos.com/2013/11/04/anatomy-of-a-password-disaster-adobes-giant-sized-cryptographic-blunder/

---------- Message headers ----------


Delivered-To: noloader () gmail com
Received: by 10.220.10.8 with SMTP id n8csp284786vcn;
        Wed, 4 Dec 2013 09:14:17 -0800 (PST)
X-Received: by 10.52.74.74 with SMTP id r10mr3646vdv.78.1386177257251;
        Wed, 04 Dec 2013 09:14:17 -0800 (PST)
Return-Path: <bounce-62_HTML-169942194-272861-1324723-1178 () bounce mail adobesystems com>
Received: from mta3.mail.adobesystems.com (mta3.mail.adobesystems.com.
[68.232.207.54])
        by mx.google.com with ESMTP id sl9si18323867vdc.21.2013.12.04.09.14.16
        for <noloader () gmail com>;
        Wed, 04 Dec 2013 09:14:17 -0800 (PST)
Received-SPF: pass (google.com: domain of
bounce-62_HTML-169942194-272861-1324723-1178 () bounce mail adobesystems com
designates 68.232.207.54 as permitted sender) client-ip=68.232.207.54;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of
bounce-62_HTML-169942194-272861-1324723-1178 () bounce mail adobesystems com
designates 68.232.207.54 as permitted sender)
smtp.mail=bounce-62_HTML-169942194-272861-1324723-1178 () bounce mail adobesystems com;
       dkim=pass header.i=email () mail adobesystems com;
       dmarc=pass (p=NONE dis=NONE) header.from=mail.adobesystems.com
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=200608;
d=mail.adobesystems.com;
 h=From:To:Subject:Date:MIME-Version:Reply-To:Message-ID:Content-Type:Content-Transfer-Encoding;
i=email () mail adobesystems com;
 bh=SlCDhFAVlbPLga27/9LPR+3U2Sk=;
 b=QHsl8/wPCIW+Qwt3GuT739mo0babgmXgx6mXzXrCXV/QGTu2zoW88wfXaUHeRlCHUBKt4suoQcFg
   ZaKmm0TdlQrKvGZalIxZ/QEy12d6/b/h2fzQuQZfE55/sMI6PsHbqRsjRuXOeq9jTqmJ1Nxiso1H
   Ssu3VxzluvyjoS2c/hA=
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=200608;
d=mail.adobesystems.com;
 b=n5BAcsY59b7ghk9pg0+1htbmjtBWmMr72T/HuVgMWMopbqRNpmWbHNmOlQxBSZkM3pW/pWh1cugn
   UT5UxP5k6vWTO+f7IQTCdRECehFir5eGHR4D1rbZv01g+/5DTfQR1pfCOLRJm57S3Hyui4u/CMT2
   okb40wS/g0kvcNzt6VY=;
Received: by mta3.mail.adobesystems.com id hjthei163hsr for
<noloader () gmail com>; Wed, 4 Dec 2013 10:45:55 -0600 (envelope-from
<bounce-62_HTML-169942194-272861-1324723-1178 () bounce mail adobesystems com>)
From: "Adobe Customer Care" <email () mail adobesystems com>
To: <noloader () gmail com>
Subject: Important Password Reset Information
Date: Wed, 04 Dec 2013 10:45:53 -0600
MIME-Version: 1.0
Reply-To: "ExactTarget Reply Mail Management"
<reply-fec51677776c027c-62_HTML-169942194-1324723-1178 () mail adobesystems com>
x-job: 1324723_272861
Message-ID: <7d5b5d13-e498-4f4d-a73e-ef4ae3f4c41a () xtnvmta1243 xt.local>
Content-Type: text/html;
        charset="utf-8"
Content-Transfer-Encoding: 8bit

---------- Forwarded message ----------
From: Adobe Customer Care <email () mail adobesystems com>
Date: Wed, Dec 4, 2013 at 11:45 AM
Subject: Important Password Reset Information
To: noloader () gmail com


 Important Password Reset Information
      [image: Adobe]   Read
online<http://view.mail.adobesystems.com/?j=fec51677776c027c&m=fe9915737760037f76&ls=fe2c16737c61017d771273&l=ff971272&s=fe2215767c6d007f741d74&jb=ff2e1571726c&ju=>
 [image:
Adobe]       *Important Password Reset Information *

*To view this message in a language other than English, please click here
<http://www.adobe.com/go/ncc-email>.*

As we announced on October 3, 2013, we recently discovered that an attacker
illegally entered our network and may have obtained access to your Adobe ID
and encrypted password. We currently have no indication that there has been
unauthorized activity on your account.

To prevent unauthorized access to your account, we have reset your
password. Please visit *www.adobe.com/go/passwordreset* to create a new
password. We recommend that you also change your password on any website
where you use the same user ID or password. In addition, please be on the
lookout for suspicious email or phone scams seeking your personal
information.

We deeply regret any inconvenience this may cause you. We value the trust
of our customers and are working aggressively to prevent these types of
events from occurring in the future. If you have questions, you can learn
more by visiting our Customer Alert page, which you will find
here<http://www.adobe.com/go/customer_alert>.

     Adobe Customer Care    Adobe, the Adobe logo and Adobe PDF logo are
either registered trademarks or trademarks of Adobe Systems Incorporated in
the United States and/or other countries. All other trademarks are the
property of their respective owners.

©2013 Adobe Systems Incorporated. All rights reserved.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
Previous By Date Next
Previous By Thread Next

Current thread: