The problem is that the US untelligence services with their "NSA" programme
have developed ways to hack any encryption, and have obliged companies like
Adobe to build 'back doors' into their systems to enable surveillance snooping.
You may be surprised and flabbergasted at that, but once you come to terms with
it, you will not be surprised that details of these things eventually leak, and
get exploited by criminals.
Indeed, we should probably be more alarmed that these hackers apparently stole
the Adobe Acrobat source code than any credit card details they may have
obtained.
You can be sure that the source will be scrutinised and exploited for whatever
security vulnerabilities they can find in Acrobat and/or the PDF format.
David
Message: 18
Date: Sun, 6 Oct 2013 16:14:49 -0700
From: "Syed Zaeem Hosain (syed.hos...@aeris.net)"
<Syed.Hosain at aeris.net>
To: "Robert Lauriston" <robert at lauriston.com>,
"framers at lists.frameusers.com Forum" <framers at
lists.frameusers.com>
Subject: RE: The Adobe credit card issue may indeed be a major issue -
PLEASE READ - URGENT
Message-ID:
<B4C122ABC82F8744A7E552CA009BA22A1A79B0B9B1 at
EX-BE-019-SFO.shared.themessagecenter.com>
Content-Type: text/plain; charset=us-ascii
Robert Lauriston wrote:
> The credit card numbers in the hacked Adobe data were encrypted, so that was
> probably stolen some other way.
> http://krebsonsecurity.com/2013/10/adobe-to-announce-source-code-customer-data-breach
That totally depends on how good the encryption was. And, we do not know that -
given the expertise of decryption techniques, this would not be a good thing to
rely on.
Here is what Adobe is saying in their FAQ:
Should customers cancel their credit cards?
Adobe has notified the banks processing customer payments for Adobe, so that
they can work with the payment card companies and card-issuing banks to help
protect customers' accounts.
We are also in the process of notifying customers whose credit or debit card
information we believe to be involved in the incident. Customers whose credit
or debit card information was involved will receive a notification letter from
us with additional information on steps they can take to help protect
themselves against potential misuse of personal information about them.
U.S. only: Adobe is also offering customers, whose credit or debit card
information was involved, the option of enrolling in a one-year complimentary
credit monitoring membership.
We also recommend that customers monitor their account for incidents of fraud
and identity theft, including regularly reviewing your account statements and
monitoring free credit reports. If customers discover any suspicious or unusual
activity on their account or suspect identity theft or fraud, they should
report it immediately to their financial institution.
U.S. only: In addition, customers may contact the Federal Trade Commission
(FTC) or law enforcement to report incidents of identity theft or to learn
about steps they can take to protect themselves from identity theft. To learn
more, customers can go to the FTC's website, at www.consumer.gov/idtheft, call
the FTC at (877) IDTHEFT (438-4338), or write to Federal Trade Commission,
Consumer Response Center, 600 Pennsylvania Avenue, NW, Washington, DC 20580.
------------------------------
*** Confidentiality Notice: This e-mail, including any associated or attached
files, is intended solely for the individual or entity to which it is
addressed. This e-mail is confidential and may well also be legally privileged.
If you have received it in error, you are on notice of its status. Please
notify the sender immediately by reply e-mail and then delete this message from
your system. Please do not copy it or use it for any purposes, or disclose its
contents to any other person. This email comes from a division of the Invensys
Group, owned by Invensys plc, which is a company registered in England and
Wales with its registered office at 3rd Floor, 40 Grosvenor Place, London, SW1X
7AW (Registered number 166023). For a list of European legal entities within
the Invensys Group, please select the Legal Entities link at invensys.com.
You may contact Invensys plc on +44 (0)20 3155 1200 or e-mail reception at
invensys.com. This e-mail and any attachments thereto may be subject to the
terms of any agreements between Invensys (and/or its subsidiaries and
affiliates) and the recipient (and/or its subsidiaries and affiliates).
