In October 2013, Adobe announced a massive breach of its IT infrastructure. Personal information from 2.9 million accounts was stolen (logins, passwords, names, credit card numbers and expiration dates). Another file discovered on the internet later brought the number of accounts affected by the attack to 150 million (of which only 38 million were active). To access this information, the attackers took advantage of a security weakness at the software publisher, specifically related to its password security practices. The stolen passwords had been encrypted instead of being hashed as recommended. Fortunately, although banking data was also stolen, it was at least unusable thanks to the high-quality encryption Adobe had applied. The company was targeted not only for its customer information but also for its product data. Indeed, the most worrying problem for Adobe was the theft of over 40 GB of source code. For instance, the entire source code for the ColdFusion product was stolen, as well as parts of the source code for Acrobat Reader and Photoshop. Although further attacks were feared, they did not ultimately take place.
In August 2014, the IT security company Hold Security revealed that Russian hackers had stolen 1.2 billion logins and passwords from 420,000 websites around the world. This could potentially have allowed the hacker group "CyberVor" to access 500 million email accounts. The hackers used botnets programmed to visit sites and test them for vulnerabilities, in order to exploit SQL injection flaws and access databases. While the attack is significant on account of its scale, it has ultimately had no major consequences. According to the FBI, the information has only been used in a large spam campaign on social networks, for instance, while the real intent of this record-setting hack remains a mystery for the organization.
Hi, I am glad to read from you. Just to add to what you have already written, it's important to make modules and classes private to stop users from using the FE as libraries and thereby accessing the code. Additionally, set up some ignition-key flag variables so that, when the application starts via an Autoexec macro running a startup function, it enables the forms, which are disabled from starting unless the flags are on. To tighten further, the forms can be given other properties like Permission IDs and Interface numbers to map to some security levels which must be met for the forms to be opened; otherwise they are cancelled. If you are using server-based BEs (e.g. SQL Server), be careful to use a DSN-less type of connection without saving the password, and at the same time the FE should be carefully designed to communicate with the server to avail the data when the FE has a session established and some conditions met, so that when a hacker tries accessing the linked objects, he/she finds no data.
@noneck - best was to tackle - best practice d7/6 different distributions - collaborative & unified direction
aaron ellison aellison - data here to hear
ben - dev shop in san francisco
tom stovack REI systems developer - performance.gov
yetin khadilkar REI systems
rajiv jivan (rjivan) - architect
cha snyder - energy lab - golden colorado department of energy (DOE) - DOE is going to drupal 7 - web developer manager
justin hollingsworth - defense information systems agency - forward shot mill - softwareforge.mill - Department of Defence (DoD) version of sourceforge - community site in drupal broader audience of things pertaining to software dev - agile discussions PKI enabling w/ certificates, can't use passwords
John MacKinnon - Akamai - "throat to choke" in front of Drupal - absorb traffic to whitehouse.gov & content pushing - initiatives - mobile - understanding where drupal community is heading - collaboration platform out of box making it easier for gov't agency to adopt drupal/open source - community support/accountability - provide power
184GB traffic in 8 hours white house july 4 - whacked/intrusion attempt
Alan Palazzolo - with Code for America - new nonprofit open source web based technologies in to governments, focusing on municipal governments - interested in meeting everyone
understanding efforts & how Code for America fits in
Chacha with Code for America - June as Drupal for cities month
Arman Anwar (arman) - xululabs.com - learning about government space
Debbie Deacy - illinois county - redesign with another CMS - municipal gov't - using drupal for intranet and interested in open public for redesign
Jason - octavia public schools - used drupal last two years interested in open public
andrew(?) British Columbia - getting sites out of joomla and into drupal - here to meet
() Lanz - organizing drupalgovdays
Danial Abadie - director buenos aires web
Amy Adams - california state stem cell funding agency - building sites with drupal for (2) years - community site with drupal - mapping
Kirsten Birgard - co-founded Drupal for Gov with noel - 160 gov't employees - gov't employees only - state fed courts - and a few from outside US - nice to share but not interact with vendors (for interference sake) - department of veterans affairs - one of a few int'l gov't agencies - sort of like state department in that respect - provide services to veterans in active service/ currently deployed
noneck: if we participate in conversations without identity as who we are working for
kirsten - another group with common purpose -
two gov't sites on drupal.org
state and federal
municipalities and XXX
alan: are there other places where these discussions happen?
noneck: lack of conversations in regard to federal agencies - have shared bureaucratic issues - political capacities are a challenge
cities and municipalities - lens focused on public information resources - children, welfare, housing authorities, parks department - tangible to municipal boundaries -
kieran lal - great job documenting federal level
some discussion to make a chart - drupal adoption across government
by tracking gov sites pinging back to server
largest conversation: when gathered at drupalcon - otherwise it's scattered throughout gov 2.0 events, last two years - slowly starting to build
last year - 1+ birds of a feather
municipal people - have distro
no concrete location of where these conversations happen
putting many resources on drupal.org
kirsten: finds groups to be overwhelming
a listserv on google
OMB platform Office of Management and Budget
OMBmax - system that calculates budget items for federal government
job postings
question: can a non-profit space host another site
kirsten: we want to do more coordinated look and feel
noneck: conversation in relation to open public & civic commons (developing non profit to be a mediator between open source software for gov't)
2 years developing drupal for gov't in theory
what do we want to be doing to bring selves together
open public creating its own space for community
how do we continue to have these conversations - int'l federal municipal - not lose conversation for another year
kirsten: gov't employees BOF - limitation of atrium can't respond through email - i don't have time to hack it, or have technical knowledge to be able to do that
otherwise betaspaces would be helpful
codesprint in july - best practices for agencies - creating events for selves - ex. webinar - allows coordination between each other
q: is listserv a major hurdle that would help solving?
kirsten: that would help
hundreds of gov't sites
starting to be divided by nation
a few people use govloop email - not very active
naive audience - people using drupal getting referred back to drupal group
noneck - what is CFA doing
national association for government webmasters - organization for local municipal webmasters - busy - lots of activity and yearly conference
web content managers (not sure the difference)
content managers forum - people from mexico - city gov't mexico - tribal webmasters & city/local state & legislative core - 8000 - very active listserv - next week is the conference
first time to include contractors
alan: what are people's thoughts about open public?
Q: what license is Open Public
A: BSD -
noneck: it's a drupal project
noneck: open data platform - NGO's and people dealing with large datasets
in community at critical junction - future development - around apps framework in open public -
anything i want to sync my developers into - interested in embracing that framework
508 compliance and framework that enables other government agencies
open ideation framework - talking about features to start working on in open public
open public as foundation and lattice - finding out openly who is working - conversation happening after this one
getting consensus and code sharing between gov't offices -
at end of day not a lot of uniqueness to each individual agency - no point for them all to spend own money building the same thing - the apps part of open public - that part would be nice
interested in apps for open public - IT Dashboard - extending views & maps & charts - would like to get those into open public
you did some work with charts - charting BOF despondent about charts - room full of nondevelopers -
we've got a lot of data
we've got a lot of charts
performance.gov - goals progress - money spent towards goals w/ progress
graphics and visually showing those numbers
did for city of new york. module for new york site - view and graph - views ___ charts
doesn't use flash - will be available
mwbereportcardnyc
new york cities minority report card
drupal 6 - there will be a big to do in relation to "IT Dashboard"
federal CIO - Vivek will probably announce
in a few weeks
performance.gov hopefully in April
paymentaccuracy.usaspending.gov
(something like that...)
improper payments - rate of producing improper payments
noneck: one call a month
monthly - audible checkin - would you spend an hour to talk about different sites?
(a bunch of yeses?)
request: put on one day -
Noel will set this up
would be nice: after a bunch of calls - present sites -
everyone wants to show work - could get a lot of involvement - single meetup in DC
Drupal for Gov - meets on a quarterly basis
DC Drupal Meetup on Monday Nights
Drupal for Gov
issue with webinar - agencies - prohibited from using certain calling software
ex. social security - have access to nothing - have to go to coffeeshop to make a call
constant problems doing screenshares with them
tried conference call before - more difficult for people who need to talk to talk.
experimenting with this
ustream - live stream of youtube -
kirsten: we can't do any livestreaming of anything
any live stream filtered on my agency
gregory heller: hears a need for a venue to share successes and failures & technological barriers
30-40 ppl - 20 others who
500 more in country who would like to talk about drupal and gov for days on end
what if there was an event for this? to talk about drupal for 3 days -
gov't application
drupal for government -
brussels
drupal for gov
could people form organizing committee - saw before end of year
alan: would you go?
noneck: reservation
DC - magnetic pole
physical gatherings - noble idea - all the people who not giving airspace
DC overrepresented and conversation domination
hears that we need a better way to curate and communicate with each other
and come up with standing committee that will help push - a core team to help navigate these different apparati
organizing for summit/monthly calls - directing people to it
seconding people who say dc is one magnetic pole
california - no budget for travel
drupal for fed
drupal for state elsewhere
monthly meeting not solution for everyone
gregory: don't know if there's a limitation to watch video
created videos to describe new initiatives - short format 5-10 minutes with slides and picture of presenter to share initiative internally
if everyone in gov't could create a 10 minute update - put in group on youtube - people can have library of videos - like ted talks - to go and watch and see