http://www.pcworld.com/article/2054...hackers-unprotected-server.html#tk.nl_pcwbest
A massive breach of Adobe Systems’ network was discovered after the source code of numerous products, including the Web application development platform ColdFusion, sat parked on a hacker’s unprotected Web server open to the Internet.
The breach, which also encompassed 2.9 million encrypted customer credit card records, was announced by Adobe on Oct. 3. Adobe had already been investigating a breach when Alex Holden, chief information security officer of Hold Security,independently found what turned out to be the company’s source code on a hacking gang’s server. Adobe’s source code “was hidden, but it was not cleverly hidden,” Holden said.
Analysts with Holden’s company specialize in gaining access to “deep web” or dark forums, used by cybercriminals to trade data and techniques anonymously. Hold Security offers a subscription service called ”Deep Web Monitoring” where companies can be notified if their data is found.
The secret forums are password protected and are often invitation only, so security researchers often pretend they’re one of the bad guys to get in.
A massive breach of Adobe Systems’ network was discovered after the source code of numerous products, including the Web application development platform ColdFusion, sat parked on a hacker’s unprotected Web server open to the Internet.
The breach, which also encompassed 2.9 million encrypted customer credit card records, was announced by Adobe on Oct. 3. Adobe had already been investigating a breach when Alex Holden, chief information security officer of Hold Security,independently found what turned out to be the company’s source code on a hacking gang’s server. Adobe’s source code “was hidden, but it was not cleverly hidden,” Holden said.
Analysts with Holden’s company specialize in gaining access to “deep web” or dark forums, used by cybercriminals to trade data and techniques anonymously. Hold Security offers a subscription service called ”Deep Web Monitoring” where companies can be notified if their data is found.
The secret forums are password protected and are often invitation only, so security researchers often pretend they’re one of the bad guys to get in.