Adobe Makes It Nice and Easy

Adobe is a famous American computer software company, who has been on the market for almost 25 years - even if you have been living under a rock, you've still heard about them! Most people are satisfied with the fact that the company's products are pretty easy to use, but what doesn't sound too good is the fact that their site had a scripting error which made it easy for people to gain access to some internal files.

The flaw is a directory traversal - however, this is not something new. Errors like this have been known to happen, and people are aware of them. This just shows that it's not an easy job being a web designer - these guys don't just have to create a site that functions, but also have to consider cyber-security, accessibility and many other things! In any case, the "hole" has been patched up and the site is no longer vulnerable.

As Dan Goodin writes, the error, which appeared to reside in a faulty CGI script, allowed people outside of Adobe to read and download files entering specially crafted URLs into their favorite browser. As you might have figured out already, no one outside Adobe should have had access to these, but at least the site's key had never been exposed, as company spokesman Stefan Offerman said.

Now, for you to better understand what this could have caused, let me explain what a directory traversal is based on and what it does. Sometimes, security validation is not done correctly, or in other cases, user-supplied data is not properly sanitized, so that's when this type of exploit can be done. It basically consists of "manipulating" a file's API in order to access a file that was not intended to be accessed, all based on improper security.