toggle

AAPL Stock: 122.77 ( -1.73 )

Printed from http://www.macnn.com

Adobe reveals details of two-month-old server intrusion

updated 10:04 pm EDT, Thu September 27, 2012

Authentication server penetrated; code signed as Adobe-authentic

Adobe warned today that an internal digital code signing server was hacked by "sophisticated threat actors" focusing on Adobe. The early-July hack led to the compilation of a minimum of two malicious files that were digitally signed and authenticated as Adobe genuine software. The hack gave the attackers the means to build malware that the operating system views as legitimate Adobe-created software, making it that much harder for security packages to detect and eliminate the threat.

Adobe security chief Brad Arkin noted that "The first malicious utility we received is 'pwdump7 v7.1.' This utility extracts password hashes from the Windows OS and is sometimes used as a single file" linking OpenSSL to Windows.

Temporarily, Adobe's new signing solution includes an offline human validation step to guarantee all new signatures are actually Adobe software. "We are in the process of designing and deploying a new, permanent signing solution," Arkin added.

Few details of the actual breach were provided, except that it affected a build server with access to the verification routines. Arkin admitted that the server didn't comply with "Adobe corporate standards for a build server" and are "investigating why our code signing access provisioning process in this case failed to identify these deficiencies."

Adobe claims that no source code was stolen during the intrusion. The impacted certificates will be revoked on October 4, 2012. All code signed by Adobe after July 10, 2012 is impacted by the certificate revocation.




by MacNN Staff

POST TOOLS:

TAGS :

toggle

Comments

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

Follow us on Facebook

toggle

Most Popular

Advertisement

Recent Reviews

15-inch MacBook Pro with Force Touch

Apple's 15-inch Retina MacBook Pro continues to be a popular notebook with professional users and prosumers looking for the ultimate ...

Typo keyboard for iPad

Following numerous legal shenanigans between Typo -- a company founded in part by Ryan Seacrest -- and the clear object of his physica ...

Entry-level 27-inch Retina iMac

The 27-inch Apple iMac with 5K Retina display is already one of the best value-for-money Macs that Apple has ever released. It was som ...

toggle

Most Commented