
Adobe Hacked Again: What Does It Mean for You?


Last time it was Adobe’s code signing servers. This time it’s 2.9 million (let’s just call it 3) customers’ data and lots and lots of source code – including that of Acrobat. Adobe products already require constant patching but offer no enterprise level solution for patching. In this presentation by Ultimate Windows Security, we’ll present why this will likely lead to more and we’ll look at what we know about this latest Adobe breach.

But more importantly I’ll show what you can do in advance to protect yourself against zero-day exploits in Adobe products and programs. After all this won’t be the last time a software vendor is hacked. In this day and age we have to protect ourselves from the failures of our software providers.

I’ll present 3 ways you can go on the offensive to protect yourself from the constant vulnerabilities discovered in Adobe Reader, Acrobat, Flash and Oracle Java. Here’s what we’ll discuss:

* Alternatives to Adobe and Java
* Different ways to contain vulnerable apps in a sandbox
* Using advanced memory protection technologies to detect and stop buffer overflows and other memory-based attacks

Patching and AV only help you close the window of hacker opportunity. To keep that window from opening at all, you have to prevent untrusted code from ever running. That requires application whitelisting and memory protection against code injection – a growing menace that bypasses controls based on file system and EXE scanning.

That’s why Lumension is sponsoring this event. I think you’ll be interested in seeing 2 of their end-point security technologies that will help protect you from the new exploits on their way as a result of this hack, as well as the constant stream of exploits discovered every day.

This is going to be a really cool presentation with practical tips that you can apply. Learn how to protect your systems from other software vendor vulnerabilities.

  • Closing on this slide allows the audience to see the true defense in depth strategy Lumension provides. It is suggested to start from the left side and move to the right, highlighting each module/capability along the way.
  • Adobe Hacked Again: What Does It Mean for You?

    1. Sponsored by Adobe Hacked Again: What Does It Mean for You? © 2013 Monterey Technology Group Inc.
    2. Thanks to www.Lumension.com, Paul Zimski. © 2013 Monterey Technology Group Inc.
    3. Preview of key points
       • What we know
       • The risks
       • What we can do about it
    4. What we know
       • Privacy
       • Credit card data
       • Passwords
       • Adobe sites and cloud services
       • Adobe ID
       • Revel
       • Creative Cloud
       • 38 million customers/users affected
       • Gobs and gobs of source code
         » ColdFusion
         » Adobe Reader
         » Acrobat
         » PhotoShop
    5. Risks
       • Obvious identity and privacy issues
       • Password practices
       • But the source code breaches are what worry me
       • Source code integrity
         » Possible to insert arbitrary bad guy code into Adobe products that are then signed by Adobe and released to the public
         » Can you say Trojan horse?
       • More 0-day exploits
         » Instead of laboriously reverse engineering compiled Adobe code for buffer overflows, etc
         » Analyze the actual source code
    6. What can you do about it?
       • You can’t fix Adobe’s problems, Oracle’s or anyone else’s
       • But you can reduce your exposure to them
    7. (1) Replace common, vulnerable tools where possible
       • Great examples
         » Adobe Acrobat
         » Adobe Reader
       • There are awesome free and for pay replacements for both products
         » Faster
         » Cheaper
         » Less irritating to use
         » Better security: obscurity, attack surface, better coding?
       • Not really replacements available for
         » Flash
         » Java
         » Adobe Air
         » Other Adobe content creation products
    8. (2) Isolate necessary vulnerable apps in a sandbox
       • Different ways to do sandboxes
       • Java websites
         » Deploy 2 browsers: one with Java, one without
         » Optional: configure Java browser to use proxy server which limits which sites you can access
         » NoScript?
       • Java applications
         » Deliver via VDI
       • Flash is really problematic
         » Especially in Windows 8
         » No alternative
         » Built into Chrome and IE now
         » HTML5 helping, hasn’t displaced Flash yet
         » Click to play?
         » Flash sandbox?
         » Better in some browsers than others
         » Disable via group policy: http://www.howtogeek.com/115833/
    9. (3) Using advanced memory protection technologies
       • Each version of Windows gets stronger memory protection
         » Vista
         » Windows 7
         » Windows 8
         » Windows 8.1
       • Running 64 bit IE
       • 3rd Party Memory protection
       • DLL injection
       • Reflective programming
    10. Bottom line
       • Patch
       • Replace
       • Isolate
       • Control
       • Protect
    11. Known Adobe Software Vulnerabilities: Source Code Release Implications?
       [Chart: # of NVD CVEs (0 to 300) by Year (2010 to 2013); series: All Adobe, Acrobat, Reader, Flash, Shockwave. Source data: nvd.nist.gov, 2010 through October]
       • A single CVE may apply to more than one product (especially) if from common source code
       • Acrobat and Acrobat Reader are extremely well correlated (.92-.98)
       • Acrobat/Release tracking at least at 2010 levels, will a dramatic increase be seen?
       • NVD = National Vulnerability Database, CVE = Common Vulnerabilities and Exposures
    12. Known Adobe Software Vulnerabilities: Source Code Release Implications?
       [Chart: # of NVD CVEs (0 to 14) by Year (2010 to 2013); series: ColdFusion, Photoshop, Illustrator. Source data: nvd.nist.gov, 2010 through October 2013]
       • Breach included Acrobat, ColdFusion, ColdFusion Builder & Photoshop
       • Weak correlation Acrobat and Flash (.00-.07) with none in later years
       • No other cross product correlations noted, e.g. ColdFusion & Shockwave CVEs were unrelated
    13. Percentage of Adobe Vulnerabilities Allowing “Arbitrary Code Execution”: Source Code Release Implications?
       [Chart: Percentage of CVEs (0% to 90%) by Year (2010 to 2013); series: Allows Arbitrary Code Execution; data labels on the chart: 87%, 87%, 80%, 65%. Source data: nvd.nist.gov, 2010 through October 2013]
       • The source code is a “key to castle” to find flaws in existing memory management / bounds checking: 0-day exploit creation
       • Techniques to detect and block such exploits and subsequent payloads are vital
       • Layered defense to monitor and report good as well as suspicious activity
       • Security Future: Correlation of disparate “big data” to “know the unknown”
    14. Defense-in-Depth with Lumension (Sponsored by)
       • Full Disk Encryption
       • Physical Access
       • Port / Device Control and Encryption
       • Anti-Malware
       • Patch and Configuration Management
       • Network Access
       • Firewall Management
    15. Sponsored by
       • Free Security Scanner Tools: http://www.lumension.com/Resources/Security-Tools.aspx
         » Vulnerability Scanner – discover all OS and application vulnerabilities on your network
         » Application Scanner – discover all the apps being used in your network
         » Device Scanner – discover all the devices being used in your network
       • Lumension® Endpoint Management and Security Suite
         » Online Demo Video: http://www.lumension.com/Resources/DemoCenter/Vulnerability-Management.aspx
         » Free Trial (virtual or download): http://www.lumension.com/endpoint-management-security-suite/free-trial.aspx
       • Get a Quote (and more): http://www.lumension.com/endpoint-management-security-suite/buy-now.aspx#2
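
Slides 11 and 12 note that a single CVE may apply to more than one product, which affects both per-product counts and cross-product overlap. The following is an added example, not part of the presentation: the records are constructed with placeholder IDs, and per-year Jaccard overlap is an assumed measure, since the deck does not say how its correlation figures were computed.

```python
from collections import defaultdict

# Constructed sample records (placeholder IDs, not real CVEs):
# (cve_id, year, set of affected products)
RECORDS = [
    ("CVE-0000-0001", 2012, {"Acrobat", "Reader"}),
    ("CVE-0000-0002", 2012, {"Acrobat", "Reader"}),
    ("CVE-0000-0003", 2012, {"Reader"}),
    ("CVE-0000-0004", 2012, {"Flash"}),
    ("CVE-0000-0005", 2013, {"Acrobat", "Reader"}),
    ("CVE-0000-0006", 2013, {"Flash", "Shockwave"}),
    ("CVE-0000-0007", 2013, {"ColdFusion"}),
]

def cves_by_product_year(records):
    """Map (product, year) -> set of CVE ids; a shared CVE lands in every product it affects."""
    index = defaultdict(set)
    for cve_id, year, products in records:
        for product in products:
            index[(product, year)].add(cve_id)
    return index

def product_counts(records, year):
    """Per-product CVE counts for one year (what a per-product chart series plots)."""
    index = cves_by_product_year(records)
    return {p: len(ids) for (p, y), ids in index.items() if y == year}

def vendor_total(records, year):
    """Distinct CVEs in a year; smaller than the sum of product counts when CVEs are shared."""
    return len({cve_id for cve_id, y, _ in records if y == year})

def yearly_overlap(records, a, b):
    """Assumed measure: Jaccard overlap of the CVE sets of products a and b, per year."""
    index = cves_by_product_year(records)
    result = {}
    for year in sorted({y for _, y, _ in records}):
        sa, sb = index.get((a, year), set()), index.get((b, year), set())
        union = sa | sb
        # None means neither product had a CVE that year, so overlap is undefined.
        result[year] = len(sa & sb) / len(union) if union else None
    return result

if __name__ == "__main__":
    print(product_counts(RECORDS, 2012), vendor_total(RECORDS, 2012))
    print(yearly_overlap(RECORDS, "Acrobat", "Reader"))
    print(yearly_overlap(RECORDS, "Acrobat", "Flash"))
```

A high overlap between two products means a patch or mitigation decision for one should be reviewed for the other in the same cycle.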
