RE: [NTSysADM] RE: Adobe Customer Data breached

[Kennedy, Jim]

/rant back on.

Dreamweaver requires local admin rights

/rant off

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of James Rankin
Sent: Friday, October 4, 2013 10:59 AM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] RE: Adobe Customer Data breached

Adobe should be ditched en masse. They've been a massive target for hackers for 
years along with Java, and they still can't act responsibly. At least Microsoft 
took the beatings of Sasser, Blaster, etc. and came back with a proper security 
mindset. To top it off their code is still the most bloated piece of garbage I 
have to deal with when it comes to delivering apps. I hope this puts them out 
of business.

Rant off ;-)

On 4 October 2013 15:52, Kennedy, Jim 
<kennedy...@elyriaschools.org<mailto:kennedy...@elyriaschools.org>> wrote:
We are mapping out a very quick migration to Foxit.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>] 
On Behalf Of Ziots, Edward
Sent: Friday, October 4, 2013 10:50 AM

To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: RE: [NTSysADM] RE: Adobe Customer Data breached

The worst part about it was that some of there source code was stolen also, 
which allows those whom stole it into a treasure trove of possible unknown 
vulnerabilities due to flaws in the code which could bring around the next wave 
of attacks on the PDF/Flash aspects, which are used everywhere therefore the 
impact felt around the world might be very high. I am assuming we might see 
some of these new 0 days in specific web exploitation kits in the not-so near 
future.

Z

Edward E. Ziots, CISSP, CISA, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org<mailto:ezi...@lifespan.org>
Work:401-255-2497<tel:401-255-2497>


This electronic message and any attachments may be privileged and confidential 
and protected from disclosure. If you are reading this message, but are not the 
intended recipient, nor an employee or agent responsible for delivering this 
message to the intended recipient, you are hereby notified that you are 
strictly prohibited from copying, printing, forwarding or otherwise 
disseminating this communication. If you have received this communication in 
error, please immediately notify the sender by replying to the message. Then, 
delete the message from your computer. Thank you.
[Description: Description: Lifespan]


From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>] 
On Behalf Of Stefan Jafs
Sent: Friday, October 04, 2013 10:39 AM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: RE: [NTSysADM] RE: Adobe Customer Data breached

Yeah, they sent me an re-set password link this morning and a lengthy apology 
e-mail yesterday.

__________________________________
Stefan Jafs

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Ziots, Edward
Sent: Friday, October 4, 2013 10:02
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: RE: [NTSysADM] RE: Adobe Customer Data breached

Its much more than that.

Z

Edward E. Ziots, CISSP, CISA, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org<mailto:ezi...@lifespan.org>
Work:401-255-2497<tel:401-255-2497>


This electronic message and any attachments may be privileged and confidential 
and protected from disclosure. If you are reading this message, but are not the 
intended recipient, nor an employee or agent responsible for delivering this 
message to the intended recipient, you are hereby notified that you are 
strictly prohibited from copying, printing, forwarding or otherwise 
disseminating this communication. If you have received this communication in 
error, please immediately notify the sender by replying to the message. Then, 
delete the message from your computer. Thank you.
[Description: Description: Lifespan]


From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of James Rankin
Sent: Friday, October 04, 2013 9:06 AM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: Re: [NTSysADM] RE: Adobe Customer Data breached

Or a ColdFusion one

On 4 October 2013 14:04, Richard McClary 
<richard.mccl...@aspca.org<mailto:richard.mccl...@aspca.org>> wrote:
Can't help wondering if someone missed a Flash update

--
richard

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>] 
On Behalf Of Ziots, Edward
Sent: Friday, October 04, 2013 8:00 AM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: [NTSysADM] Adobe Customer Data breached

http://nakedsecurity.sophos.com/2013/10/04/adobe-owns-up-to-getting-pwned-login-and-credit-card-data-probably-stolen-all-passwords-reset/?utm_source=Naked+Security+-+Sophos+List&utm_medium=email&utm_campaign=93ed7d3d97-naked%252Bsecurity&utm_term=0_31623bb782-93ed7d3d97-454838729

Z

Edward E. Ziots, CISSP, CISA, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org<mailto:ezi...@lifespan.org>
Work:401-255-2497<tel:401-255-2497>


This electronic message and any attachments may be privileged and confidential 
and protected from disclosure. If you are reading this message, but are not the 
intended recipient, nor an employee or agent responsible for delivering this 
message to the intended recipient, you are hereby notified that you are 
strictly prohibited from copying, printing, forwarding or otherwise 
disseminating this communication. If you have received this communication in 
error, please immediately notify the sender by replying to the message. Then, 
delete the message from your computer. Thank you.
[Description: Description: Lifespan]


From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Webster
Sent: Friday, October 04, 2013 8:13 AM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: [NTSysADM] RE: Account Utility

Very few (of the sites I go to) ever look at the privileged accounts.  The last 
assessment I did had over 100 DA accounts and almost as many EA and SA 
accounts.  The majority of their service accounts were in all three groups!!!   
Until I ran MBS' script, they had no idea how many local SQL Server and SQL 
Express installs had been done using the domain's SQL Service account and that 
account was a member of all three privileged groups.


Webster

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Free, Bob
Sent: Thursday, October 03, 2013 11:52 PM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: [NTSysADM] RE: Account Utility

The first two I get, the third is really hard to comprehend.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Webster
Sent: Thursday, October 03, 2013 8:09 AM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: [NTSysADM] RE: Account Utility

MBS' script works like a charm.  I have used it when doing assessments for AD 
migrations.  I have NEVER seen an IT org that knew every service account used, 
where they were used or how many of those service accounts had domain admins 
privileges.

Webster


From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Michael B. Smith
Sent: Thursday, October 03, 2013 11:00 AM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: [NTSysADM] RE: Account Utility

http://theessentialexchange.com/blogs/michael/archive/2008/02/29/finding-services-using-non-system-accounts-with-powershell.aspx


From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Steve Norton
Sent: Thursday, October 3, 2013 8:10 AM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: [NTSysADM] Account Utility

A long time ago I used a utility that showed me what account services were 
running under on all my servers. My environment is Windows 2003 and 2008 R2. 
Ideally this would be a utility that I can run from a Windows 7 workstation 
against servers. Suggestions appreciated.

________________________________
PG&E is committed to protecting our customers' privacy.
To learn more, please visit http://www.pge.com/about/company/privacy/customer/
________________________________

The information contained in this e-mail, and any attachments hereto, is from 
The American Society for the Prevention of Cruelty to Animals(r) (ASPCA(r)) and 
is intended only for use by the addressee(s) named herein and may contain 
legally privileged and/or confidential information. If you are not the intended 
recipient of this e-mail, you are hereby notified that any dissemination, 
distribution, copying or use of the contents of this e-mail, and any 
attachments hereto, is strictly prohibited. If you have received this e-mail in 
error, please immediately notify me by reply email and permanently delete the 
original and any copy of this e-mail and any printout thereof.



--
James Rankin
Technical Consultant (ACA, CCA, MCTS)
http://appsensebigot.blogspot.co.uk



--
James Rankin
Technical Consultant (ACA, CCA, MCTS)
http://appsensebigot.blogspot.co.uk

<<inline: image001.jpg>>