This is what US-Cert said in a rather pointless advise:
"US-CERT advises that Adobe customers be aware of possible fraudulent account activity."
What US-Cert should have said instead:
Advise for Adobe customers:
If you have an account at Adobe: Change your password.
But that's not all:
If your Adove account has a username/password combination and/or emailaddress that you use for other websites services as well, change your password on all the other sites too.
And perhaps, if US-Cert could spare some time and effort (thank you #shutdown) they could have added this:
Advise for all service providers:
Get rid of password management by moving to federation protocols like OAuth or OpenID Connect. If you don't store passwords, you can't lose them.
And an advise for Adobe and all other providers:
Please don't ignore secure programming guidelines.
Geen opmerkingen:
Een reactie posten