Scam of the day – November 18, 2013 – Latest Adobe developments

For more than a month I have been warning you and updating you about the hacking of Adobe and the theft of both personal information on more than 38 million of its customers as well as source code for for its Adobe Acrobat, Cold Fusion and ColdFusion Builder programs.  The danger posed by the theft of the source code cannot be overestimated as it can be expected to lead to exploitation of flaws in the code of these programs, some of which are used in the development of many of the websites we all frequent that can lead to identity theft for millions more people.  Facebook and a number of other companies are so concerned that they are now requiring members who use the same password for Facebook as they do for Adobe to change their passwords.  Identity thieves rely on many people using the same passwords for multiple sites and once a password has been compromised, as has happened with the Adobe hacking, identity thieves use that password at other sites to gain access to information that can make the person whose information has been stolen a victim of identity theft.  Adobe has been quite active in trying to update its security for its products since the time of the hacking and has just released security updates for its Adobe Flash Player as well as its ColdFusion software.  If you use either of those programs, you should download and install these updates as soon as possible.

TIPS

Here are the links to the latest Adobe security updates for the Adobe Flash Player and the Adobe ColdFusion software.  If you use either or both of these programs you should install them immediately.  It is vital that you install security patches and updates for all of the software programs you use as soon as they are available.  Identity thieves and hackers rely on people procrastinating installing these security patches.  It is also important to use different passwords for each of your online accounts so that if, as happened here, your information is stolen by one company with which you do business being hacked, your entire online life is not jeopardized.

https://www.us-cert.gov/ncas/current-activity/2013/11/13/Adobe-Releases-Security-Updates-Adobe-Flash-Player

https://www.us-cert.gov/ncas/current-activity/2013/11/13/Adobe-Releases-Security-Update-Adobe-ColdFusion

Follow Scamicide each and every day so that you are constantly updated as to the latest developments in scams and identity theft and what you need to do to protect yourself.

Scam of the day – October 11, 2013 – New Adobe data breach developments

I have been reporting to you in October 5th’s Scam of the day and October 9th’s Scam of the day about the breach at Adobe, the maker of products such as Adobe Acrobat PDF reader, Adobe Photoshop and Adobe ColdFusion that is affecting a minimum of 2.9 million Adobe customers who had personal information including their names and credit card numbers stolen by hackers.  There is a good reason for my focus on this breach, which is that it may end up affecting many millions more whose information was not stolen.  Adobe was targeted both because it is very popular and because it is very vulnerable.  The code for many of its programs are old and not state of the art.  It is easier for hackers and identity thieves to find and exploit vulnerabilities in these programs.  The Adobe ColdFusion program is used by many companies and governmental agencies in the construction of websites.  Even the Department of Defense uses it.  It is entirely possible in stealing the code, that hackers would be able to steal data bases from agencies and companies that use these programs.  This is not a far fetched idea.  Earlier this year the National White Collar Crime Center which uses Adobe ColdFusion had its data stolen in this manner.  Consequently anyone using Adobe products is potentially at risk because if you use their software or go to a tainted website, you may end up downloading unwittingly keystroke logging malware that can steal all of your personal information from your computer.  Even if you have up to date anti-malware software, you may still be vulnerable because the makers of anti-malware software are always at least a month behind in protecting against the latest viruses and malware.

TIPS

Just as the Department of Homeland Security advised people not to use Java software if they could avoid it because of similar hacking and malware problems so should you consider using other software for reading PDFs or creating websites.  In my Scam of the day of October 9th I told you about www.pdfreaders.org where you can find a list and links to other PDF reading software.  If you do decide to continue to use Adobe software, you should immediately install their latest patches which have just been released.  Here is the link to the patch for Adobe Reader and Adobe Acrobat  http://www.adobe.com/support/security/bulletins/apsb13-25.html  and here is the link to RoboHelp 10 for Windows http://www.adobe.com/support/security/bulletins/apsb13-24.html  I will continue to follow this important story for new developments.  Make sure you read Scamicide each day so you don’t miss anything.

Scam of the day – October 9, 2013 – Critical new developments in Adobe hacking

Recently I informed you of the major hacking into Adobe, the maker of many software programs that we all use.  Personal data on 2.9 million Adobe users was stolen by hackers over a period of as much as five months before Adobe discovered the breach of its security and it was not until a computer security company alerted the public to the hacking that Adobe, itself made a public statement about the hacking even though forty six states have laws requiring that companies notify its customers of data breaches when they occur.  Adobe is only now notifying affected customers who can expect to receive a letter within the next two weeks if their personal information, such as name and credit card information was compromised.  But, as I often say, things are not as bad as you think.  They are far worse.  The hackers not only got information about customers.  They also got source code for the Adobe Acrobat PDF reader and the Adobe ColdFusion web app developer’s tool.  This will enable identity thieves and hackers to poison PDF’s that you open on a tainted website such that when you use Adobe Acrobat to read the PDF, you will unwittingly be downloading malware such as keystroke logging malware that can steal all of the information from your computer and use it to make you a victim of identity theft.  Adobe ColdFusion is used by many creators of mobile apps and websites.  By having the source code for Adobe ColdFusion, hackers and identity thieves can infect these apps and websites so that when you use the apps or websites, you again download dangerous malware.

TIPS

If you are a regular user of Adobe products and you receive a letter from the company telling you that your security has been breached, you should be particularly alert as to monitoring your financial accounts.  You should also consider putting a credit freeze on your credit reporting agency accounts.  You can find instructions here on the Scamicide website as to how to do this.  You should also make sure that your security software for your computer, smartphone and tablet are up to date and that you have the latest anti-malware software as well.  Even if you have not been directly affected by the breach, you should consider using a PDF reader other than Adobe.  There are many free ones available that are more secure than Adobe, such as Evince or Sumatra PDF.  You can find a list of them at www.pdfreaders.org.

Scam of the day – October 5, 2013 – Adobe data breach

Adobe makes software used by millions of consumers.  Recently Adobe announced that it had been hacked and personal information belonging to 2.9 million of its customers was stolen.  The stolen information included names, encrypted credit card numbers, and expiration dates as well as information pertaining to individual orders.  In response, Adobe is resetting passwords for affected customers.  If your user ID and password were compromised by the hacking, you will be receiving an email from Adobe with information about changing your password.  It is important if you use the same password on other websites, as many people do, that you also change your passwords there as well.  It is a good idea to have a different password at each website you go to.  Adobe is also offering customers whose credit or debit card information was stolen a free credit monitoring service for one year.

TIPS

If, as many people, you use Adobe products, you should be on high alert to the possibility of identity theft.  Keep close tabs on all of your accounts particularly those debit cards or credit cards that you may have used at Adobe.  I will keep you informed as further developments occur.