Adobe’s Leaky Source | TechSNAP 131

Adobe blows it. A treasure trove of customer information and source code has been found, we’ll share the details.

The DNS hijacking hijinks continue, after several big sites are brought offline. Then it’s a huge batch of your questions, our answers, and much, much more!

Thanks to:

  • GoDaddy
  • Ting

Adobe hacked, 3 million customer records leaked

  • Adobe’s servers were compromised sometime between July 31 and Aug. 15, but the attack was not discovered until Sept. 17
  • The source code for “numerous” products was stolen, including Adobe Acrobat, Publisher, ColdFusion, and ColdFusion Builder
  • The source code leak could allow the attackers to much more easily generate a slew of 0-day attacks against Adobe products, resulting in exploits against which there is no defense
  • Sensitive information on people with Adobe accounts was also taken, including names, encrypted credit card numbers, expiration dates, order history and more
  • “At this time, we do not believe the attackers removed decrypted credit or debit card numbers from our systems,” said Adobe chief security officer Brad Arkin
  • “Krebs also saw a list of 1.2 million potential .org domains running ColdFusion that the attackers could use as targets stored among the stolen data”
  • “Holden and Krebs discovered a 40 GB file of stolen data, Krebs reported yesterday, on the same server hosting data stolen from brokers LexisNexis, Dun & Bradstreet and Kroll.”
  • Additional companies were also compromised
  • Additional Coverage – Threatpost
  • Additional Coverage – ZDNet
  • Adobe Blog – Illegal Access to Adobe Source Code
  • Adobe – Important Customer Security Announcement
  • Adobe – Customer Security Alert

WhatsApp, AVG, Avira, Alexa websites hacked in apparent DNS hijack

  • Network Solutions is investigating an attack by a pro-Palestinian hacking group that redirected websites belonging to several companies.
  • A group calling itself the KDMS Team claimed responsibility on Twitter.
  • KDMS posted several screenshots on Twitter, including one that affected WhatsApp’s domain. The message asserted that the region known as Palestine has been stolen, and that prisoners should be released from Israeli jails.
  • The websites affected included those of the security companies AVG and Avira; the messaging platform WhatsApp; a pornography site, RedTube; and Web metrics company Alexa.
  • Stated on the company’s blog:
    > “It appears that our account used to manage the DNS records registered at Network Solutions has received a fake password-reset request which was honored by the provider.”
    > “Using the new credentials, the cybercriminals have been able to change the entries to point to their DNS servers.”

Feedback:

vBSDCon Oct 25-27
