Posts tagged "hacker"

“Hacker Village” at Adobe Tech Summit

During Adobe’s Tech Summit, hundreds of people from across the company visited the Hacker Village. Adobe Tech Summit is an annual gathering of product development teams from across all businesses and geographies. We get together to share best practices, information about the latest tools and techniques, and innovations to both inspire and educate.

The Hacker Village was designed to teach about the various attack types that could target our software and services. It consisted of six booths, each focused on a specific attack (cross-site scripting, SQL injection, etc.) or security-related topic.

The booths were designed to demonstrate a particular attack and give visitors the opportunity to try it for themselves, including attacks on web applications, cryptography, computer systems and more. For instance, the RFID booth was designed to demonstrate how a potential attacker can steal information from RFID cards. Upon visiting the information booth, visitors chose an RFID card that represented a superhero and were told to keep it hidden. Unbeknownst to our visitors, we had a volunteer RFID thief carry a high-powered RFID device concealed in a messenger bag. By getting within two feet of a card, he was able to successfully steal the information from the RFID card and display which superhero RFID cards had been compromised.

In the Wi-Fi booth, visitors learned how susceptible wireless networks are to attacks. Lab participants were able to see which access points their own mobile device had connected to in the past by intercepting the probe requests it sent. The wireless drone introduced visitors to the concept of war flying: mapping out wireless networks. At the other booths, visitors successfully carried out SQL injection using sqlmap, cross-site scripting using BeEF, system hacking using Armitage, and password cracking using John the Ripper.

By completing one or more of the labs, the participants had the opportunity to take home their very own suite of hacker tools.

The Hacker Village was a huge success. In just a three-hour time frame, the Hacker Village had more than 325 visitors and 225 lab participants. Most of the participants completed multiple labs, with dozens visiting all six booths. The feedback was positive, and many people showed a strong interest in security after visiting one or more of the booths.

Taylor Lobb
Senior Security Analyst

Illegal Access to Adobe Source Code

Adobe is investigating the illegal access of source code for Adobe Acrobat, ColdFusion, ColdFusion Builder and other Adobe products by an unauthorized third party. Based on our findings to date, we are not aware of any specific increased risk to customers as a result of this incident.

Adobe thanks Brian Krebs, of KrebsOnSecurity.com, and Alex Holden, chief information security officer, Hold Security LLC (holdsecurity.com), for their help in our response to this incident.

We are not aware of any zero-day exploits targeting any Adobe products. However, as always, we recommend customers run only supported versions of the software, apply all available security updates, and follow the advice in the Acrobat Enterprise Toolkit and the ColdFusion Lockdown Guide. These steps are intended to help mitigate attacks targeting older, unpatched, or improperly configured deployments of Adobe products.

For more information on Acrobat security, please visit the Acrobat Developer Center.

For more information on ColdFusion 10 security, please visit the ColdFusion Developer Center.

Brad Arkin

Chief Security Officer