Skip to main content


PHP Security Adobe Hack


Adobe admits that attackers accessed their network and all passwords have been reset. They believe 3 million accounts are included. Account total bumped to 38 million November: Account total again bumped to 150 million, and with additional data (names, password hints, etc.), the total file size is 10GB. Adobe listed the data as “encrypted”. Experts stated that this was probably in error and what they really meant is that it was hashed... and the experts were wrong.


The dataset includes rich plaintext emails, usernames,password hints and encrypted password hashes. Additionally, credit card data was also accessed and is said to use similar encryption.

Because the frequency of matching password hashes, we know that the data is unsalted and likely uses 3DES. No one has publicly announced that they have accessed the private key, however it’s only a matter of time before it’s found.

At 150 million accounts, many people will have reused passwords for other sites, and because Adobe uses emails for login, those will most likely match too. (Hello banking/Facebook/etc)?

Adobe has the credit card data on file for every Creative Cloud customer and people who have purchased other products. Once cracked this provides an even better (larger) dataset for commonly used passwords than lists from Gawker and others.

What did Adobe do wrong? Encrypting and not hashing passwords. Not salting passwords. Storing plain text password hints with the other data. Allowing poor passwords. Allowing poor password hints. Slow response.


File Type: PDF
File Size: 1.68 MB
Total Pages: 32

Direct Link Mega:
Download Now
Direct Link AnonFiles:
Download Now
Direct Link Mediafire:
Download Now
Direct Link Solidfiles:
Download Now
Direct Link Sabercathost:
Download Now
Direct Link Tusfiles:
Download Now

Labels:

Comments

Post a Comment

Popular posts from this blog

Web Hacking 101

With a Foreword written by HackerOne Co-Founders Michiel Prins and Jobert Abma, Web Hacking 101 is about the ethical exploration of software for security issues but learning to hack isn't always easy. With few exceptions, existing books are overly technical, only dedicate a single chapter to website vulnerabilities or don't include any real world examples. This book is different. Using publicly disclosed vulnerabilities, Web Hacking 101 explains common web vulnerabilities and will show you how to start finding vulnerabilities and collecting bounties.
Post a Comment
Read more

High Performance Cloud Auditing

This eBook mainly focuses on cloud security and high performance computing for cloud auditing. The eBook discusses emerging challenges and techniques developed for high performance semantic cloud auditing, and presents the state of the art in cloud auditing, computing and security techniques with focus on technical aspects and feasibility of auditing issues in federated cloud computing environments.
Post a Comment
Read more

Hack-X-Crypt (By Ujjwal Sahay)

This is basically a straight forward guide towards ethical hacking and cyber security.Computer hacking is the practice of altering computer hardware and software to carry out a goal outside of the creator‘s original intention. People who slot in computer hacking actions and activities are often entitled as hackers. The majority of people assume that hackers are computer criminals. They fall short to identify the fact that criminals and hackers are two entirely unrelated things.
Post a Comment
Read more