In case you missed it yesterday, Adobe has been hacked.\tBrad Arkin, Chief Security Officer of Adobe, explained the incident in a blog post. \u201cOur investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems.\u201d He added, \u201cWe also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders.\u201d\tI like Brad, I respect Adobe, and I understand the logic behind making a statement like that. From a security or consumer perspective, though, it really needs to be taken with a grain of salt. Of course there\u2019s an increased risk as a result of unauthorized access to widely-used product source code and sensitive information on three million customers.\tTo be fair, though. Arkin didn\u2019t say there\u2019s no increased risk. He said Adobe is not aware of a specific increased risk\u2014which could be translated to \u201cTo our knowledge, attackers have not yet leveraged this information to craft exploits against our products, attack customer sites that rely on our products, or steal the identities of our customers.\u201d That may be a true statement\u2026right now. It\u2019s early. Give them time.\tDwayne Menlancon, chief technology officer for Tripwire, cautions, \u201cThe fact that the breach involves source code for creating web content should be concerning for Adobe and its customers, as it may enable the attackers to tamper with others' production web sites.\u201d\tThe Adobe breach is rumored to have been perpetrated by the same attackers that compromised LexisNexis and a number of other organizations, and Melancon believes it\u2019s likely they relied on the same techniques. If that\u2019s true, the attackers planted a rogue executable on the targeted systems and used that to create a command & control channel back to the attackers.\tMelancon is CTO of Tripwire\u2014which established its name as a tool for identifying and tracking file and configuration changes\u2014so he should know a thing or two about guarding against an attack like this. \u201cThese breaches underscore the importance of continuously monitoring your systems for suspicious changes, verifying any unrecognized programs on your systems, and establishing strong foundational controls so you can tell 'good' from 'bad' in your production environment\u2014and to prepare before something bad happens, rather than after the damage has already been done.\u201d\tIt\u2019s important for organizations to maintain a good baseline of known, trusted, and secure system configurations and application binaries. It\u2019s crucial in today's environments to be able to quickly tell which systems, applications, and components you can trust.\tIf you\u2019re concerned that your website or applications may be at risk as a result of the Adobe source code compromise, Adobe has published some hardening guidelines to help you guard against potential attacks.