On Sat, Dec 18, 2010 at 11:58 AM, Maciej Gojny <v...@ariko-security.com> wrote: > hello full disclosure! > > After six months from the first contact with Adobe security team, Â important > adobe.com subdomain is still vulnerable to SQL injection attacks. We hope > that this time, serious people will try to solve the problem. There's a reason Adobe is the most attacked software [1,2], and its probably because they write the most vulnerable software (or adversaries are looking for a challenge, which seems less intuitive and highly unlikely to me).
It appears "insecurity" is an enterprise wide practice, and not just limited to their software. Jeff [1] "Adobe surpasses Microsoft as favorite hacker’s target" (Jul 2009) http://lastwatchdog.com/adobe-surpasses-microsoft-favorite-hackers-target/ [2] "Adobe predicted as top 2010 hacker target" (Dec 2009) http://www.theregister.co.uk/2009/12/29/security_predictions_2010/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
