Good Muse Everyone! http://blogs.adobe.com/asset/2012/09/inappropriate-use-of-adobe-code-signing-certificate.html
My fav. line in the above is " There is no evidence to date that any source code was stolen." I mean, aside from the obvious fact that the attackers were knowledgable enough about the organization to find and use the custom code-signing API. The Chinese modus operandi is to dump tools that have been discovered, so maybe we will be lucky enough to see them posted to a Chinese forum shortly? If it affects the Windows platform, does that mean attackers can autoupdate your Reader with signed versions of pwdump? Hard to know from the Adobe press release. (That said, the Key itself was stored on hardware, which is a step up from the Fedora attack...) -dave -- INFILTRATE - the world's best offensive information security conference. April 2013 in Miami Beach www.infiltratecon.com
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Dailydave mailing list [email protected] https://lists.immunityinc.com/mailman/listinfo/dailydave
