Adobe Article

http://pv.tl/blog/2013/11/03/adobe-password-analysis/

Todd


offtopic mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

Shocking.

Todd wrote:

http://pv.tl/blog/2013/11/03/adobe-password-analysis/

Todd
http://xiiro.com


offtopic mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options


Best wishes Peter

Peter Tucker • Oxford, UK • email@hidden


offtopic mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

That is simply stunning…


offtopic mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

Find out if your account details were on the list here (mine were…):

Joe


offtopic mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

Joe, do you know if this site is affiliated with Adobe? Can it be trusted?

Todd

Find out if your account details were on the list here (mine were…):

http://adobe.breach.il.ly/


offtopic mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

I don’t believe it is affiliated with Adobe in any way, but I don’t see any way that they can use the data you enter in a negative way. It simply looks up the address you enter on the list that was made public after the attack. If your address is on there it recommends you go to the Adobe site immediately to change the address. It’s not a phishing scam since they don’t provide a link. If the address isn’t on there then a message saying the address is ok is displayed.

I tried a couple of addresses and it picked out the only one that I have an account with. Signing in to the Adobe site prompted me to change my password right away, but made no mention of the security breach…

Joe


offtopic mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

My email was listed. Nothing up front saying change now when I went to log in but I did finally notice this link:

http://helpx.adobe.com/x-productkb/policy-pricing/customer-alert.html

I certainly didn’t get any notification.

s


offtopic mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

Same here.

Todd

I certainly didn’t get any notification.


offtopic mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

Mine too. Although my recollection was that Adobe reset everyone’s password after the breach had occurred and made you pick a new one.


offtopic mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

Since this is not an Adobe website, what is the possibility that it returns
the same answer for everyone - because it’s not actually checking anything,
but recording the email you input along with your IP and all the usual
stuff - silently gathering an enormous database for spammers?

I’m not saying they are doing that, just that’s what my brilliant evil twin
would do.

Same here.


offtopic mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

That’s exactly what prompted my earlier response to Joe. I guess there’s no way to know for certain. Feelin’ lucky?

Todd

Since this is not an Adobe website, what is the possibility that it returns
the same answer for everyone - because it’s not actually checking anything,
but recording the email you input along with your IP and all the usual
stuff - silently gathering an enormous database for spammers?

I’m not saying they are doing that, just that’s what my brilliant evil twin
would do.

Same here.


offtopic mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

Joe tested it with multiple addresses, and it properly picked the correct one out of the “line-up”. I tested it with my Adobe account e-mail, and it properly identified me as a victim of this hack.

The sick/sad thing is that this was really easy for Adobe to avoid. All they would need to do is follow basic best practices, all of which are built directly into all of the major Web authentication frameworks. DIY is not a good choice here.

Walter

On Nov 12, 2013, at 5:00 PM, Ernie Simpson wrote:

Since this is not an Adobe website, what is the possibility that it returns
the same answer for everyone - because it’s not actually checking anything,
but recording the email you input along with your IP and all the usual
stuff - silently gathering an enormous database for spammers?

I’m not saying they are doing that, just that’s what my brilliant evil twin
would do.

Same here.


offtopic mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options


offtopic mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

Joe tested it with multiple addresses, and it properly picked the correct one out of the “line-up”

Interestingly it identified mine and also my other half who certainly does not have an Adobe account.

I am with Ernie on the malicious evil twin idea.

David


offtopic mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

I have eight different email logins for different bits of Adobe. Every
one is on the hacked list.

1Password** really helps to manage a different email and password combo
for each login, so that if compromised, I can simply shut the email down.

I have changed all my Adobe passwords. And checked in 1Password for
duplicate ones. I think I’m now in the clear. But they may also have my
card details too, although there I think is only one card I use.

As Walt says it was avoidable if only Adobe … a heinous crime and
negligent company!

** I use 1Password, there are other password managers but I started with
1P and stuck with it.

Peter

Joe Billings wrote:

Find out if your account details were on the list here (mine were…):

http://adobe.breach.il.ly/

Joe


offtopic mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options


Best wishes Peter

Peter Tucker . Oxford, UK . email@hidden


offtopic mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

That’s what I thought until I tested it with an old email used to register Macromedia products (now moved to Adobe) And it picked up that one. Going to the Adobe site to login prompted me to change the password.

But hey, it still could be harvesting extra emails to add to the list.

David

On 12 Nov 2013, at 22:00, Ernie Simpson email@hidden wrote:

Since this is not an Adobe website, what is the possibility that it returns
the same answer for everyone - because it’s not actually checking anything,
but recording the email you input along with your IP and all the usual
stuff - silently gathering an enormous database for spammers?

I’m not saying they are doing that, just that’s what my brilliant evil twin
would do.

Same here.


offtopic mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options


offtopic mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

Again, to be fair, I’m not saying that the site is doing anything
nefarious.

Only that if I were evil, all your base are belong to me.


offtopic mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

Yes it’s good is 1password. A Free option is the password generator in Keychain access.

Password access is a big problem waiting for somebody to find a better solution. Not to be depressing but for example what happens if a person passes away, yet has all kinds of online assets that needs to be sorted out less they fade away also? Locking access away in other software of machines might not work for those less tech savvy.

David Owen { Freeway Friendly Web hosting and Domains }

http://www.ineedwebhosting.co.uk | http://www.PrintlineAdvertising.co.uk

On 13 Nov 2013, at 08:47, Peter Tucker email@hidden wrote:

** I use 1Password, there are other password managers but I started with 1P and stuck with it.


offtopic mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options