Thursday, September 27, 2012

attack the tools that build the infrastructure

Adobe had to address inappropriately issued signing certificates - issued through a targeted attack on their systems.   Fascinating read here:

http://blogs.adobe.com/asset/2012/09/inappropriate-use-of-adobe-code-signing-certificate.html

This is another example of very targeted, stepping stone attacks that indicate significant planning and skills on the part of the attacker.

Kudos to Adobe for taking and documenting agressive steps to address the problem.

When you think about Adobe and RSA, both companies with significant security footprints, being the victim of these types of sophisticated attacks you can wonder about just who is behind these attacks.  And probably be right.

No comments: