The UpStream

Adobe Says Almost 3 Million Accounts Compromised in Illegal Access to Source Code

posted Saturday Oct 5, 2013 by Nicholas DiMeo

We could go on and on and on about websites and companies getting hacked, compromising millions of customers' data, seemingly every three months or so. One of the more notable cases was in 2011, when Sony's PlayStation Network was hacked, taking the service down for a very long time and causing stress and identity theft to customers everywhere. This week is no exception, as Adobe is in the news for a breach that's put 3 million accounts at risk.

At first, an Adobe blog post explained some of what happened, which involves illegal access to source code for various Adobe products.

Adobe is investigating the illegal access of source code for Adobe Acrobat, ColdFusion, ColdFusion Builder and other Adobe products by an unauthorized third party. Based on our findings to date, we are not aware of any specific increased risk to customers as a result of this incident.

Adobe thanks Brian Krebs, of KrebsOnSecurity.com, and Alex Holden, chief information security officer, Hold Security LLC. holdsecurity.com for their help in our response to this incident.

We are not aware of any zero-day exploits targeting any Adobe products. However, as always, we recommend customers run only supported versions of the software, apply all available security updates, and follow the advice in the Acrobat Enterprise Toolkit and the ColdFusion Lockdown Guide. These steps are intended to help mitigate attacks targeting older, unpatched, or improperly configured deployments of Adobe products.

At the time of the post, it seemed like everything could have been contained. However, a blog post a few days later revealed that customer data was indeed compromised. Adobe believes that decrypted credit card numbers were not removed from its systems, but encrypted numbers have been put at risk. Chief Security Officer Brad Arkin explains,

Our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems. We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders... We're working diligently internally, as well as with external partners and law enforcement, to address the incident.

So, now that almost 3 million customers have had some sort of data compromised, Adobe is taking action. Any "relevant" customer passwords have been reset to stop unauthorized access to their Adobe ID accounts. An email should be in any affected customers' inboxes with instructions on how to reset the password. For those customers who may have had their credit card numbers put at risk, Adobe will be in contact with those people and will be offering one year of credit monitoring services for free. Adobe has also let banks know about the breach and is working with card-issuing banks to protect customers' accounts. Anyone with concerns should visit Adobe's customer support page, where agents can be of assistance.

This serves as an unfortunate reminder that no account is safe anywhere, and to use two-step verification systems, online-only debit cards with limits and other security measures whenever possible. Do constant security breaches like this deter you from putting your information online and trusting said information with any company? Why or why not? We want your thoughts in the comments section below.

LightSquared Assets Up for Auction on Nov 25th with DISH as Lead Bidder

posted Thursday Oct 3, 2013 by Nicholas DiMeo

I feel like I'm repeating myself - maybe because I am - but if you thought the LightSquared saga was over, think again. The company was going to revolutionize the 4G industry, but that was before the FCC became confused by the technology and blamed LightSquared for GPS interference. So, the company filed bankruptcy in August of last year and now it has put all of its assets up for auction.

LightSquared mainly owns a bunch of spectrum licenses, but all of the company will be pieced apart and auctioned off on November 25th. So far, L-Band Acquisition Corp is the lead bidder, and it wants to buy all of LightSquared, including 40 MHz of wireless spectrum, for $2.2 billion. That company, interestingly enough, is tied to DISH Network, a corporation that has been wanting to get into mobile for quite some time now. It is also intriguing to note that this is the same spectrum that the FCC initially blocked, causing LightSquared to go into bankruptcy. It seems that the government agency has had a change of heart now that someone else has entered the picture. The FCC allowed this spectrum to be auctioned under the premise that it could be used for any purpose.

Analysts have said that the DISH pickup seems likely, as there might not be any other bidders for this particular spectrum, especially if LBAC is offering over 2 billion in cash for the entire company. In addition, DISH already owns two ranges of 40 MHz S-band spectrum, which they grabbed from TerreStar Networks for $2.9 billion, when that company went under. DISH also has a slot of 700 MHz spectrum. Those three acquisitions, along with this potential buyout, set up DISH Network to execute a wireless network perfectly.

And, they already have the experience. When Sprint was acquired by Softbank, putting DISH out of the race, they teamed up with regional MVNO NTELOS to roll out broadband services to the countryside of Virginia, running on 2.5 GHz spectrum.

We'll know what happens by November 25th, however if DISH does in fact get the bid, this would put the satellite TV company in charge of a lot of spectrum in order to roll out their own mobile offerings. This could put DISH toe-to-toe with T-Mobile and Sprint, if the rollout is nationwide. That move could be beneficial for all cell phone users across the country, as another contender in the ring will bring more competition, which means more innovation in the marketspace, and hopefully, lower prices for consumers. Or, it could put someone else out of business.

FAA Advisory Panel on In-flight Electronics Usage Votes on Recommendation to Ease Restrictions

posted Sunday Sep 29, 2013 by Nicholas DiMeo

Three months ago, we covered the FAA's advisory panel that would hopefully lighten up restrictions on electronics usage during flights, and on takeoff and touchdown. This week, we finally have an update on what was decided behind those closed cabin doors.

The 28-person FAA advisory committee voted to suggest to the FAA that the Administration reconsider not allowing passengers to use mobile devices, MP3 players and e-readers during takeoffs and landings. Of course, this is only a recommendation, and now the FAA will have to decide if the advisory panel's input makes sense or not. The good news is that if the FAA does go along with the recommendation, air travelers in the US will no longer have to follow the silly rule of turning anything with batteries off when the door of the plane is shut.

As of right now, even Airplane Mode doesn't suffice for your device, nor does leaving your e-ink reader in standby, even though it isn't drawing power. Yes, the government as a whole is still unsure of how technology is used. Hopefully this recommendation will change all of that. However, it is worth noting that some devices may actually have to use that Airplane Mode feature, as you will still not be able to transmit data over a radio network, surf the Web or talk on the phone. Basically, using your 4G LTE, WiMAX or 3G networks - anything that can send or receive outside data that isn't using the plane's WiFi - will still not be allowed.

As one analyst, Henry Harteveldt, put it so simply,

You will be able to read or work on what's stored on the device. You want to edit that PowerPoint? Great. You want to watch Breaking Bad and you have it downloaded to your smartphone or your tablet? You can continue to do that.

Luckily, our elected officials in the Senate have been hard at work doing something other than playing poker, and even some of them understand that listening to your music isn't going to blow up the plane (I can safely say that because I'm not on a plane right now). Senator Claire McCaskill of Missouri stated it slightly better, and less explode-y. "These devices are not dangerous. Your Kindle isn't dangerous. Your iPad that is on airplane mode is perfectly safe," she said.

We could see restrictions lifted as early as 2014, however it will be up to the airlines to put these policies into place, which could take as long as they feel necessary to "review" the information. Senator McCaskill said she would create a law that would essentially force airlines to comply if they don't move fast enough on making the changes. My hopes are that by E3 of next year, if the event is still a bit relevant, I'll be able to mix down some last-minute audio clips on the plane while Scott finishes up our graphics for the convention coverage.

Microsoft Releases Second Transparency Report of Government Agency Data Requests

posted Sunday Sep 29, 2013 by Nicholas DiMeo

Earlier this month, we covered Yahoo's transparency report, which was very impressive and intriguing in terms of the numbers, accounts and countries in which information was disclosed. Of course, this wasn't the first report in a post-PRISM world, and companies like Google and Twitter have also released such data. Now, Microsoft is adding to the list again, and has released a similar report of the first six months of 2013.

From Microsoft, here's what the company's report covers:

This is our second Law Enforcement Requests Report and it covers the period from January to June 2013. The report details the number of requests for data we received from law enforcement agencies around the world, and how Microsoft responds to those requests. It covers requests for data relating to all of Microsoft's online and cloud services, including Skype.

Much like the other reports, Microsoft won't disclose detailed information about the type of request nor any national security letters. However, unlike Yahoo, Microsoft did not include any NSLs in its report, while Yahoo simply added them into the general pool of requests.

So, here are the numbers. Including Skype, the first six months of 2013 brought Microsoft 37,196 requests for 66,539 accounts. In 2012, these numbers totaled 75,378 requests for 137,424 accounts. In this, the ever-popular "non-content data" was disclosed for 77 percent of the accounts, and 21 percent of account requests were responded to with no data given. For the remaining 2 to 3 percent of the accounts, Microsoft disclosed customer content data, which would include email subject and body, SkyDrive pictures and more. The company did note that all content given was due to lawful warrants and requests, which Microsoft had to comply with. Not surprisingly, of that 3 percent of "content-disclosed" accounts, 92 percent of the requests came from US law enforcement or government officials. Those numbers match right up with that of 2012.

Microsoft highlights that less than 0.01 percent of all accounts were ever affected by law enforcement requests for data. And, in this small percent, the "overwhelming majority" of them were only for simple non-content data. Again, I feel I should stress that not all of the requests were from some NSA/PRISM/government conspiracy-related endeavor, as those were pooled together with the rest of the everyday police or other official requests. Fun fact here: 73 percent of all requests globally came from five countries, US, Turkey, Germany, UK and France, in that order. Microsoft also used the report to disclose requests for enterprise data, such as from products like Office 365.

You can read the entire report at the link below in both XLS and PDF format. Further, the page comes with nifty charts and graphs that you can click on for each country. And that's what makes not having privacy fun.

15 Percent of Americans Afraid of or Confused by Internet

posted Saturday Sep 28, 2013 by Scott Ertz

A report released by the Pew Research Center reveals that 15 percent of American adults, 18 or older, do not use the Internet at all. The main reasons cited for avoiding the net are its difficulty to use and a lack of relevance.

34 percent of respondents that don't go online said that their reasoning is a lack of relevance. Since basically every piece of information that has ever existed is available online, we will assume that irrelevant means that the respondents actually mean that they have no need for or are not interested in the availability of the information.

The next reason in line is that it is too difficult to go online, coming in at a whopping 32 percent. The difficulty mostly comes from the fear of hackers, spam and spyware. This number is significantly higher than in previous studies, with this statistic never breaching the 20 percent level.

Interestingly, 40 percent of the offliners have asked someone else to look something up online. I guess that means that there is information on the net that is relevant, though it could be from the other 78 percent that have asked. My guess is that most of the reason for not using the Internet is a lack of experience requiring assistance.

Another interesting number to come out of the study is that 14 percent of these people were once online, but secluded themselves later. Unfortunately, Pew did not have any follow-ups to determine why they cut the cord, so it is all guesses for us.

Several other reasons for offlining were the expense of owning a computer with Internet access and being too old for the Internet. Also, 3 percent of respondents WITH Internet access are still using dial-up.

Valve Announces SteamOS and Steam Machines, to Launch Early 2014

posted Saturday Sep 28, 2013 by Nicholas DiMeo

Ever since the introduction of Big Picture Mode and the Steam Box rumors, Valve has found a way to stay in the news, despite Gabe's ever-increasing insanity. This week, Valve announced more details on the Steam Box, and we now know that it isn't just one machine - even though we've known that unofficially for a while - and the company also announced the release of SteamOS.

Mr. Newell still believes that Linux is the future, even for gaming, and has now put a lot more eggs into that penguin-shaped basket. Valve has gone full-bore with that notion, with the announcement of SteamOS, a Linux-based operating system that will be meant for bringing PC gaming to living rooms everywhere, with the help of Big Picture Mode. SteamOS will be made available to any person who wants it on their current machine, or to any manufacturer who wants to distribute a computer with the system already pre-loaded onto the hardware. This is, of course, after Gabe said that Windows 8 was a "giant sadness" and that Steam games "could not run on Windows 8."

At any rate, we should expect to see SteamOS in a couple months, as Valve has said that, "beginning in 2014, there will be multiple SteamOS machines to choose from, made by different manufacturers."

Entertainment is not a one-size-fits-all world. We want you to be able to choose the hardware that makes sense for you, so we are working with multiple partners to bring a variety of Steam gaming machines to market during 2014, all of them running SteamOS.

As of right now, we still don't know what the Steam Box-certified device will look like, or even the exact manufacturers the company has enlisted to help them on the project. However, we do know that Valve is working on their own machine, and have, for once, officially confirmed so. This box, made especially for the SteamOS, will be shipped first to 300 Steam users who have gone over to the Badge section of their Steam profile page and have done the required tasks by October 25th. Some 70,000 users are currently eligible to participate, but not all have entered to win the box.

Prototypes are shipping this year, but still, even after another drawn out announcement of everything, no word on price, specs or performance. At this point we don't even have a picture of anything, so it kind of feels like the PS4 launch.

Also, while everyone is happy about finally having an upgradeable and "open" platform on which to game, let's not forget about some key facts that are in play here. Most TVs have drastically higher lag times than that of PC monitors and most users leave on settings that cause lag times to rise even higher than 100ms in some cases. I'd be quite surprised if the hardcore gamer that's being targeted takes an early or heavy adoption to this machine, considering that response time is the most hated thing in the gaming world. No amount of "openness" or "ease of changing parts" is going to fix you missing a sniper shot even though you were locked on.

However, the casual gamer with a bit of computer knowledge could see this machine being useful, especially for a family of gamers. Steam has introduced Family Sharing and Family Options, which give a household a broad variety of setups and choices to show games, share games and more, with everyone under the roof. To that same end though, as I reflect back on an excerpt from a previous piece of mine:

Lately, the push has been to get away from having to have a full-fledged computer in the living room. At the very most, consumers were getting by with their laptop, using WiDi (wireless display technology), to connect it to a TV to play their movies or show off some pictures. More and more often, however, we're seeing products being introduced at the International CES that allow that same user to use their smartphone or Xbox 360/PS3 to accomplish the same goal, cable and adapter free. Having to put another piece of hardware in an already crowded entertainment center, in this day and age, just seems like a waste of time and space unless you're a business person. And that's not who this box is for.

This box is for the gamer. Perhaps the hardcore ones would put it in their living room, so long as they own the house or apartment, because we know moms and dads won't let the 12 hour League of Legends session occur in place of primetime TV.

We will have to wait and see until these prototypes ship out to learn about the look and feel. Come the new year, we'll have a better idea on just who will be picking up an open computer with a limited number of games to play on it, and we'll also know just how all of that will be working for them. To me, it just seems like another OUYA.
