Friday, November 8, 2013

Adobe user database leak

While the media has been abuzz about the Adobe data leak, the figure is a staggering 153.9 million user ids.

To be exact, the number is: 153,989,523 email addresses! That's right, ~154 million user ids!

Think of what a spammer could do with such data. Nothing much can be done about the exposed email addresses, but it is advised to change the password of the Adobe id to something more secure that is not reused on any other site.

If one has been using the same password (which most do! :( ) across multiple sites, it is strongly advised to change it as soon as possible, because it is only a matter of time before Adobe's encryption key is recovered. The passwords were not hashed but encrypted with a single key, using 3DES in ECB mode, so every user with the same password has exactly the same ciphertext in the dump, and the password hints were stored next to it in plaintext. For a security researcher the dump is a gift: even without the key, grouping identical ciphertexts, reading the hints of each group and comparing against a list of the most used passwords (the really crappy list that users have been advised for ages to forgo) is enough to recover the most popular passwords. That once again brings out the quirks of security.
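The keyless analysis described above, as an added example that is not code from the original post or from Adobe's own systems. It uses a toy block cipher as a stand-in for 3DES-ECB purely to generate constructed sample records (the accounts, hints, key and the short top-passwords list are all made up); the analysis functions only ever see id, ciphertext and hint, and exploit the three things ECB leaks: equal passwords give equal ciphertexts, padding to whole 8-byte blocks gives the password length to within 8 bytes, and an equal first block means an equal first 8 bytes of plaintext.

```python
import base64
import hashlib
from collections import defaultdict

BLOCK = 8  # 3DES works on 8-byte blocks; Adobe used 3DES in ECB mode


def _pad(data: bytes) -> bytes:
    """PKCS#5 padding: always adds 1..8 bytes, so the length is a multiple of 8."""
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def toy_ecb_encrypt(key: bytes, password: str) -> str:
    """Stand-in for 3DES-ECB, used only to build sample data (assumption: this is
    not a real cipher). It keeps the one property the attack relies on: each 8-byte
    plaintext block is mapped on its own, so equal blocks give equal ciphertext
    blocks wherever they occur. Output is base64, as in the leaked dump."""
    padded = _pad(password.encode())
    blocks = [hashlib.sha256(key + padded[i:i + BLOCK]).digest()[:BLOCK]
              for i in range(0, len(padded), BLOCK)]
    return base64.b64encode(b"".join(blocks)).decode()


# Constructed sample accounts: (id, password, hint). The dump the analyst works on
# below carries only id, ciphertext and hint; the password column is never read.
SAMPLE_ACCOUNTS = [
    (1, "123456", "numbers"),
    (2, "123456", "1 to 6"),
    (3, "123456", "obvious"),
    (4, "password", "the usual"),
    (5, "password", "pass"),
    (6, "password1", "usual plus one"),
    (7, "hunter2", ""),
]
DEMO_KEY = b"demo-key"  # constructed; the analyst never learns it
DUMP = [(uid, toy_ecb_encrypt(DEMO_KEY, pw), hint) for uid, pw, hint in SAMPLE_ACCOUNTS]

# Constructed stand-in for a "top used passwords" list
TOP_PASSWORDS = ["123456", "password", "12345678", "qwerty", "123456789"]


def clusters(dump):
    """Group accounts by exact ciphertext; under ECB that is grouping by password.
    Returns [(ciphertext, [(uid, hint), ...]), ...], largest cluster first."""
    groups = defaultdict(list)
    for uid, ct, hint in dump:
        groups[ct].append((uid, hint))
    return sorted(groups.items(), key=lambda kv: -len(kv[1]))


def length_bucket(ct_b64: str):
    """Padding to whole blocks leaks the password length to within 8 bytes:
    n ciphertext blocks means 8(n-1) <= len(password) <= 8n-1."""
    n = len(base64.b64decode(ct_b64)) // BLOCK
    return BLOCK * (n - 1), BLOCK * n - 1


def candidates(ct_b64: str, wordlist):
    """Wordlist entries whose length fits the ciphertext; the hints then decide."""
    lo, hi = length_bucket(ct_b64)
    return [w for w in wordlist if lo <= len(w) <= hi]


def shared_first_block(dump):
    """Accounts whose first ciphertext block matches share the first 8 plaintext
    bytes, so 'password' and 'password1' land in one group (full-password
    clusters show up here too, since they share every block)."""
    groups = defaultdict(list)
    for uid, ct, hint in dump:
        groups[base64.b64decode(ct)[:BLOCK]].append(uid)
    return [uids for uids in groups.values() if len(uids) > 1]


if __name__ == "__main__":
    for ct, members in clusters(DUMP):
        hints = [h for _, h in members if h]
        print(f"{len(members)} users, length {length_bucket(ct)}, "
              f"candidates {candidates(ct, TOP_PASSWORDS)}, hints {hints}")
    print("same first 8 bytes of password:", shared_first_block(DUMP))
```

On the real dump the first cluster was enormous, and its hints ("numbers", "1-6", and the like) made the password obvious without touching the key; the fix on the server side is a per-user salted, slow password hash rather than reversible encryption, which removes all three leaks at once.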

Humans are inevitably the weakest link in the security chain. Whatever the system, cryptography, perimeter security, application security, host security and what not, if one uses a crappy, easy password, it is a matter of nanoseconds before everything gets compromised. We (collectively), for some reason, cannot or do not want to follow the advice to avoid common passwords. Be it laziness or indifference to the importance of the target system, we tend to follow the same pattern even for secure, protected, highly sensitive systems, because once a habit is formed it becomes routine and the human mind gets accustomed to it!

After all, we are humans. Different ethnicities, languages, cultures and relationships, but united in the cause of using crappy passwords! When will we learn? I am strongly saying the day will never come. Believe me, in my entire security career, which has spanned two decades, I have seen the same passwords used even by device manufacturers and application makers as the defaults for root-level / admin-level accounts, in the hope that we humans will change them after we start using the product (which we don't).

The internet is strewn with articles, suggestions, algorithms and advice on choosing a strong password, and yet we fail again and again, forever!

Will the world change, and by when? The answer is: in 123456 years, probably!