Broadband Tech > Security > Security > Adobe's code signing certificate has been stolen

Adobe's code signing certificate has been stolen

LOL

Sorry, I know it isn't really funny but Adobe seems to be be run by The Three Stooges Larry/Curly/Moe (pick one).

Actually:

Adobe = Larry
Sun = Curly
Microsoft = Moe

(feel free to change the order)

I usually check the Digital Certificates of stuff I download but I'm sure many don't.
--
Don't feed trolls--it only makes them grow!

reply to MagnusM
Poor Adobe. If Flash isn't getting exploited on 100s of thousands of consumer PCs, it's their build server.

Edit: punctuation
--
QUAD!!!!

reply to MagnusM
Strangely, Adobe don't plan to revoke the certificate until October 4th. Not sure the reasoning behind this, but maybe the revokation process simply takes a number of days to complete.
--
Mischel Internet Security - Developer of TrojanHunter

reply to MagnusM
Next time you bring news it is ok if it's good news.

reply to leibold

reply to Name Game

quote:

---

Doctor Adobe: I have some good news and I have some bad news.
Patient User: What's the good news?
Doctor Adobe: The good news is that the tests you took showed that you have 24 hours to live.
Patient User: That's the good news? What's the bad news?
Doctor Adobe: The bad news is that I forgot to call you yesterday!

---

reply to MagnusM
See also:
Adobe advisory APSA12-01
Hackers Breached Adobe Server in Order to Sign Their Malware
Adobe Revoking Code Signing Certificate Used To Sign Malware

reply to MagnusM

quote:

---

Flash Player isn't affected,

---

reply to MagnusM
I received this feedback from Wiebke Lips at Adobe:

quote:

---

Please note that the certificate was NOT stolen. Adobe has stringent security measures in place to protect its code signing infrastructure. The private keys associated with the Adobe code signing certificates were stored in Hardware Security Modules (HSMs) kept in physically secure facilities. We confirmed that the private key associated with the Adobe code signing certificate was not extracted from the Hardware Security Module (HSM). For details, please refer to the blog post referenced above.

---

Seems the first tweet (»twitter.com/mikko/status/251429422807265280) was a bit unclear:

quote:

---

Our sample repository has 5127 files that have been signed with the compromised Adobe certificate. pic.twitter.com/t0o9M0YA

---

quote:

---

We have thousands of clean, official Adobe files signed with the compromised certificate. Only 3 bad files.

---

That confused me too at first, but I believe they store clean files in their sample repository, so there were 5127 files in total, 5124 of which were legitimate signed Adobe files and then 3 malware files.
--
Mischel Internet Security - Developer of TrojanHunter

reply to norwegian
Adobe--it's all a Flash in the pan

reply to MagnusM
Understand that could be true too.

I was more curious of the date stamp anyway if known, whether it was 3 days or so ago or older. The rest was just insight into figures; which as you point out can be read many ways without the database facts that need to go with it.

I doubt you'll find out much more info. Adobe will most likely keep the facts very close to their chest. The classic "nothing to see here... move along". That's how its handled these days.

A number of large US banks were attacked in the last week and almost all press releases said something to the effect

"We take security seriously and are constantly monitoring it"
"There was no effect on customer accounts"

blah blah blah...
--
Don't feed trolls--it only makes them grow!

reply to MagnusM
Serial Number of the compromised Adobe certificate is 15 e5 ac 0a 48 70 63 71 8e 39 da 52 30 1a 04 88

»twitter.com/mikko/status/2514324···/photo/1

Security Advisory: Upcoming Revocation of Adobe code signing certificate