Re: Adobe: Important Customer Security Announcement

[Rich Kulawiec <rsk () gsp org>]

On Thu, Oct 03, 2013 at 06:15:50PM -0400, Jeffrey Walton wrote:
> Sigh....
>
> It would be nice if there was a full accounting of what precisely was
> egressed. 

I generally use what I called the Kulawiec Iceberg Principle of Dataloss. [1]
The KIPD says that companies are only aware of 1/7 of the breaches
they actually suffer. Further, they only know 1/7 of the extent of the
breaches that they're aware of.  And finally, they only report to the
public 1/7 of what they know.  (The precise fraction varies, of course,
but it's never unity.)

Also, more coverage of this debacle:

        Adobe admits 2.9M customer accounts have been compromised
        http://www.zdnet.com/adobe-admits-2-9m-customer-accounts-have-been-compromised-7000021546/

        Adobe To Announce Source Code, Customer Data Breach
        http://krebsonsecurity.com/2013/10/adobe-to-announce-source-code-customer-data-breach/

---rsk

[1] I was hoping maybe for the Grand Unified Theory and a Nobel Prize,
but since that doesn't seem likely in the near future, I'm putting my
name on this.  Get your own. Mine! Mine! MIIIINE!
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.