> We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders. At this time, we do not believe the attackers removed decrypted credit or debit card numbers from our systems.
Well that's reassuring(!) If these hackers were so "sophisticated" then presumably they could have obtained Adobe's decryption keys too? If not, why not?
Guess I'll have to phone my bank tomorrow... hope they don't charge me for the new card. Oh Adobe...
Edit: It just occurs to me that people with pirated Adobe software aren't having any problems right now. The same argument could be made of any service, of course, but at least with the old way of purchasing Adobe software (vs. Creative Cloud) Adobe didn't have to store your credit card number for an extended period of time. I don't think this excuses piracy, but it's not going to do anything to discourage it.
> At this time, we do not believe the attackers removed decrypted credit or debit card numbers from our systems
That sentence is disinformation. It carefully leaves unanswered the question of whether the encryption keys were stored in a location accessible to the attackers. The only reason to use that kind of language is to try and confuse everybody into believing things are not as bad as they would otherwise look.
We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders
On first reading I had a split-second where I thought the attackers did everyone a favor by deleting the data; e.g. "drop table customer_financial_data". Unfortunately they meant the ~other~ kind of "removal". I think "obtained" would have been a better word to use here (instead of "removed").
"KrebsOnSecurity first became aware of the source code leak roughly one week ago...with fellow researcher Alex Holden...discovered a massive 40 GB source code trove stashed on a server used by the same cyber criminals believed to have hacked into major data aggregators earlier this year, including LexisNexis, Dun & Bradstreet and Kroll."
"The hacking team’s server contained huge repositories of uncompiled and compiled code that appeared to be source code for ColdFusion and Adobe Acrobat."
Less than 1 year into forcing their users to 'The Cloud' for future updates, Adobe has proven incompetent at protecting our data (and even their own).
I feel particularly bad for the design houses that have entrusted Adobe with their intellectual property because it was supposed to be safe who now have to rethink how safe their assets really are.
Much more interesting than the customer data: "We are also investigating the illegal access to source code of numerous Adobe products". In the linked blog post they say: "Adobe is investigating the illegal access of source code for Adobe Acrobat, ColdFusion, ColdFusion Builder and other Adobe products by an unauthorized third party"
It's about time. I hate to be one to advocate piracy, but this massive leak of source was something that we needed desperately.
It's illicit, but it will help free software and reverse engineering in a huge way. Adobe doesn't deserve to manipulate its users with CC like it's doing right now.
Some naive questions from someone who genuinely doesn't know: how is it that a company cannot detect when someone downloads a giant database of sensitive personal information from their servers? Surely, there are ways to monitor access to this data and immediately flag suspicious behaviour? How do the intruders even find the location of this data and then download it? Isn't there some best practice security measures that can prevent of all of these things? I presume Adobe failed at all of them?
>how is it that a company cannot detect when someone downloads a giant database of sensitive personal information from their servers? Surely, there are ways to monitor access to this data and immediately flag suspicious behaviour
There are classes of products related to this specific task, generally we call them "DLP" or Data [Leak|Loss] Prevention.
What we don't know, is how the information was transferred from the servers, and how much different that traffic looked compared to normal activity. It's easy enough to catch a credit card number flying through a plain HTTP packet over the network in the wrong direction, but it gets much harder when the party trying to transfer that data is intentionally attempting to avoid detection.
> Isn't there some best practice security measures that can prevent of all of these things
Yes, but none of them are perfect, and even if they were, they would require perfection from human operators. (Perfectly configure, maintain, monitor, etc.) And, of course, they assume you can identify a threat before it leads to compromise.
I was told repeatedly that I was a sucker for buying Adobe products (I own CS3 and never found it necessary to upgrade) instead of pirating. Well, I'm conflictingly feeling like a sucker.
Conflictingly because my CC info has since expired, but other personal data would still be in their records. I wonder how far back they keep those, but I guess I'll find out soon enough if I'm in the lot.
Edit: If anyone is worried about the source getting leaked giving rise to 0-day exploits and the like, you can at least move away from Reader into something like Sumatra PDF (open source). If all you need is a reader, it's a very handy alternative and far more nimble with resources (no I'm not part of their project. I'm just a very happy user)
> certain information relating to 2.9 million Adobe customers
It would be nice to know how many user accounts Adobe manages, so that I can better estimate the likelihood of my accounts being affected. If they only have 2.9 million accounts, I should be worried; if they have 100 million accounts, I should still worry but perhaps a little less so.
I have not (yet) received an email from Adobe regarding this latest attack, but I have an Adobe Creative Cloud subscription as well as several Typekit accounts. I use 1Password to generate passwords, but of course that doesn’t protect my credit card information.
This quote from the Krebs post is both laughable and horribly saddening. Even Adobe can't manage to keep Adobe software installs up to date
>Arkin said the company has not yet determined whether the servers that were breached were running ColdFusion, but acknowledged that the attackers appear to have gotten their foot in the door through “some type of out-of-date” software.
I wonder if this is why my university IT dept just broadcast an email saying that Adobe is "auditing" every computer on campus for the university's site license. They want to come into everyone's office and labs and run some "script" on every machine that does who knows what. Needless to say I said "no thank you".
We need some technology that makes our Credit Card numbers change every few days.
I am shocked that most people think it's OK these days to drop the "Oops, nasty baddies bad bad got in and there goes your details, so so sorry, come again."
If this happens to some small startup with the one PHP nerd that doesn't really know what he's doing (and is underpaid anyway) - that's fine. Or at least acceptable. You're living on the edge.
In Turkey, we have these things called virtual credit cards. You basically log in into internet banking, click a button to generate a new card, it shows up instantly, then you define how much limit it would have and you are ready to use it. For convenience you can use that card many times, just reset the limit or you can create new one if you wish. It's really good, I use it every time.
Some credit card companies let you generate expiring CC numbers for specific purchases, but that's a lot of work, and wouldn't work for recurring purchases (like Adobe Creative Cloud)
Indeed, we need a ticket system for custom tokens per merchant. So instead of actually putting in the credit card number, you put in a token (very similar to an oauth type token).
If say for instance the token you gave to Adobe gets stolen, you or they just disable all tokens or ask for new tokens.
So not only will fraud be more difficult but merchants also will be known who has been compromised. Right now banks won't always tell you what merchant was compromised and causing you to get a new number/card.
New payment systems have this, for instance stripe is built similar to this.
Why do people have to update all their cards with all their merchants after one fails? Getting multiple cards and internet cards sometimes helps compartmentalize but really we need this at least per merchant.
Some banks have this like Bank of America ShopSafe but it should be the new normal.
Seriously, I don't get it. At least in the US, card holders have zero liability in these instances.
If your card number got leaked and is used to make a fraudulent purchase, simply report it to your card issuer. They will reverse the charge and issue you a new card number.
The paranoia around card numbers for consumers is crazy. There's literally no risk. It makes sense for merchants because they bear risk, but I don't understand why cardholders get upset.
That's kind of a scary part to it. Large organisations don't colocate code and credit card numbers. They carefully segment things and isolate them to completely separate silos in completely unconnected systems.
So I would infer that the attackers obviously had access at a very high level, probably compromising the credentials of someone very senior with very high privileges. Which in turn means they could almost certainly have compromised the encryption keys and would be most likely to do so before downloading the actual CC data.
As a customer who just made a purchase from Adobe a few hours ago, I feel good and horrible at the same time. I feel good that their source code was stolen (I will explain why). I feel bad that my credit card was compromised.
Around November 2011, Apple screwed up one of it's premier softwares (Final cut pro) and Adobe jumped right in and offered a 50% discount to all of its Creative suites (version: 5.5). Their pitch then was - "Apple screwed up, try ours and hey, if you buy the suite, it's yours forever and you get peace of mind". And so I bought the Windows edition of one of their suites. A year later, CS6 was announced and I decided to wait for sometime before upgrading. Just to be clear, I shelled out almost $1000 on the CS 5.5 version.
In the last few months, I made the switch to a Mac and I found out that my license for Windows wouldn't work on a Mac. Fortunately, Adobe seemed to provide a "crossgrade" path, wherein I can just swap my platform at no additional cost. Sounds good? No. Except that you can't swap from an older version (CS 5.5) to a newer version (CS 6). You can only switch between platforms of the two same versions. Okay, that's in a way fair enough, since it's been over a year anyway and it's time to upgrade. So, let me just upgrade to CS6, I thought.
This is where it started to get messy. I searched for links to upgrade to CS6, and I did find a few. But they all re-directed to the stupid Creative Cloud edition. WTF?
I searched and searched and finally found a link that worked. I placed an order and 24 hours later, my order was cancelled for no reason. I had to search for that link I found earlier, again. After giving up finding the link, upon contacting customer support, I was tried to be pushed into the stupid Creative Cloud platform, again.
Support: Based on what we have discussed I highly recommend that you purchase Creative Cloud which includes Photoshop CC for images, Indesign CC for print design, Illustrator CC for graphics, Flash Pro CC for animations, After effects CC for adding effects and plus more.
Support: Plus you will get all the upgrades and updates for free of cost.
Support: You can install CC on 2 system both on mac/ Windows.
Support: I am sure CC will meet all your requirements.
you: Oh no thank you, please. It doesn't fit my budget. Once I stop paying, everything is gone, unlike in the case of a CS 6 install.
Support: I do understand your concern, however, going forward there is no upgrade path available since CC is replaced by CS6.
(WTF)?
you: Do you mean to say, that I can't upgrade from Cs 5.5 to 6?
Support: The upgrade path from CS6 to CS7 is not available, since CC is replaced by CS7.
you: Yes, I understand that.
you: I don't need CC ma'am, really.
you: It doesn't fit my needs.
Support: That's okay.
Support: Let me provide you with the link to upgrade to CS6 production premium, okay.
(Finally!)
It's funny I had to spend so much time with support to purchase CS6, since Adobe clearly conveys that it intends to sell CS6 indefinitely.
[2]http://www.adobe.com/products/cs6/faq.html
Even though the support person gave me the link to buy CS6, I thought it would be a good idea to probably re-consider CC again. So I checked on the Creative Cloud page to see if I could just pay $45 for say, about two months and later upgrade to CS6. But, again, Adobe tries to backstab its users. IF you cancel your CC subscription before 1 year, you will be billed 50% of the total amount (50% of ($45x12)) as a penalty. WTF?!! So, basically they want to beat their users to the ground as much as they can.
I decided to try alternatives, because I really wanted only a good Photoshop-like program and nothing else more (at that point). So, I searched, but I couldn't find. Now, this is highly deceptive on Adobe's part because they play a monopoly role clearly and they decided to backstab their users all of a sudden.
There is no easy way to buy CS6, there is no easy way to subscribe to CC for just a few months and the calculations they demonstrate are also deceptive at best. CC is more expensive than the boxed product.
One of my friends is a blogger, he has a huge follower count. Adobe contacted him and gave him a free 1 year subscription to CC. I was curious and I found a lot of bloggers reporting the same. One thing that was common in most of these Adobe contacted bloggers' posts, was how their stress to explain how the CC version was effectively cheaper than their boxed version.
So basically Adobe is indirectly bribing bloggers to write good stuff about their CC subscription.
Adobe's CEO is an incompetent backstabber who is totally fit for nothing. This was the same guy who argued with Steve Jobs that Flash on mobile rocks and later discontinued it.
Backstab #1. I was a Flash developer previously. I was even jobless for a few days because I relied so much on this technology.
Adobe's CEO also backstabbed the much capable Flex eco-system. Do you know how many Flex developers are jobless now? Backstab #2.
And the Creative cloud (CC). Backstab #3.
That is why I feel happy that their source code was stolen. I was a genuine customer amongst a million others who just wanted to pay ONCE to use my software. I could have pirated like many others, but I didn't. I trusted them. But they took a U turn and decided to shoot us in the back.
I understand you feel cheated Adobe, but I feel the need to present their side of the story.
> But, again, Adobe tries to backstab its users. IF you cancel your CC subscription before 1 year, you will be billed 50% of the total amount (50% of ($45x12)) as a penalty. WTF?!! So, basically they want to beat their users to the ground as much as they can.
What you call 'beat their users to the ground' I call 'charge fees which maximise their profit'. They are not being deceptive - their price list clearly states, "Requires annual commitment; billed monthly" [1]
> There is no easy way to buy CS6
If you Google "buy adobe cs6" the first result [2] allows you to buy a CS6 'Master Collection' licence for $2,599. Just click 'buy' then 'Add to cart'. Seems pretty easy to me.
> there is no easy way to subscribe to CC for just a few months
Not true - as pointed out by estel, you can easily subscribe for $75 per month. I think by 'easy' you mean 'cheap'
> the calculations they demonstrate are also deceptive at best
Can you provide a link to the deceptive calculations? Because to me the price list [1] seems to be fairly straightforward and honest
> CC is more expensive than the boxed product.
Doesn't that depend on how long you use the software for? You can buy a single month for $75 - I doubt that you can get the boxed product for cheaper than that.
> One thing that was common in most of these Adobe contacted bloggers' posts, was how their stress to explain how the CC version was effectively cheaper than their boxed version.
If it is true that Adobe implicitly says, "write good things about us and we'll give you free stuff" then I agree that this is pretty bad behaviour. (But if they say, "here is some free stuff, please write good things about us" then that would be OK as long as the blogger notes in their review that they had received the free stuff.) The fact that bloggers who received free stuff had previously wrote good things about Adobe is not sufficient to convict Adobe of indirect bribing. It could be that the bloggers who did not receive free stuff also wrote good things about Adobe (ie. their products are generally viewed positively)
> Backstab #1. I was a Flash developer previously. I was even jobless for a few days because I relied so much on this technology…Do you know how many Flex developers are jobless now? Backstab #2.
It sucks to lose your job, but is it really 'backstabbing' for Adobe to drop support for a platform they developed? For all software I expect the companies who develop it to say "this is a great product and we fully support it" right up until they day they drop that support. It's not like Adobe said, "we will support this product until at least 2015".
> [The CEO] is never straightforward...This guy is incompetent and needs to be replaced.
Personally I think it is very straightforward to say, "I refuse to discuss our pricing strategy with you". But in any case the CEO's job is to maximise profits - and using the strength of Adobe's market position to charge nosebleed prices sounds to me like he is doing just that. Not at all incompetent.
> At least someone should file a class action suit for abusing their monopoly.
It's not necessarily illegal to have a monopoly and charge a very high price for your products.
> Around November 2011, Apple screwed up one of it's premier softwares (Final cut pro)
I understand why you would say that, but I don’t agree. At the time, I used Final Cut Pro 7 daily and when Final Cut Pro X was released, I didn’t immediately switch to it. I waited for multicam editing and XML export, and Apple delivered. That’s when I switched to Final Cut Pro X and it was a great improvement over version 7. When Adobe came up with Creative Cloud, I signed up. That meant I got Adobe Premiere as part of the package, but after trying it, I still much preferred Final Cut Pro 7. Comparing Premiere and Final Cut Pro X, for me, it’s not even a contest. With Final Cut Pro X, I’m way more productive than I ever was in FCP 7, Avid, Premiere or Media100.
Apple could’ve done better by offering the first few releases of FCP X as a free beta, but right now, FCP X is a way better product than FCP 7 ever was.
> there is no easy way to subscribe to CC for just a few months
Isn't that what the monthly plan does [0]? $75 / month rather than $50, but with the option to only pay for individual months. I think they said they were originally thinking of freelancers who might only take on work that involved using CC a few times a year.
Could this result in a huge fine or penalty, not least due to potential PCI DSS violation? Here in the EU, it'd be a big data protection issue as well.
To view this message in a language other than English, please click here.
We recently discovered that an attacker illegally entered our network and may have obtained access to your Adobe ID and encrypted password. We currently have no indication that there has been unauthorized activity on your account.
To prevent unauthorized access to your account, we have reset your password. Please visit www.adobe.com/go/passwordreset to create a new password. We recommend that you also change your password on any website where you use the same user ID or password. In addition, please be on the lookout for suspicious email or phone scams seeking your personal information.
We deeply regret any inconvenience this may cause you. We value the trust of our customers and we will work aggressively to prevent these types of events from occurring in the future. If you have questions, you can learn more by visiting our Customer Alert page, which you will find here.
Just another reason for me to continue to despise Adobe. Thankfully I bought my version of Acrobat Pro on Amazon so they did not have my credit card, but still Adobe handed all my other information over to the hackers due to poor security practices. Thankfully I also had used Lastpass to generate a unique password for their site.
Are you saying we need to create a cloud service that is completely secure ( which we know is impossible ). My understanding is that CloudFlare is already tackling the security aspects of hosted services and seem to be doing well.
Well, pretty happy I bought Lightroom through Amazon right about now.
Reason: Adobe charges basically double the US price in Australia/NZ if you buy from them directly, and I refuse to pay a location tax since it costs them zero dollars extra to send me bytes through CDNs.
Support staff and localised service centres still need to be paid for somehow. Also, sales staff, business liaisons, legal staff to deal with local laws and regulations, all the managers to manage them, etc. With a smaller potential userbase in Aus, they can't subsidise the support costs across as many people, so maybe that's why they charge more.
[+] [-] Osmium|12 years ago|reply
Well that's reassuring(!) If these hackers were so "sophisticated" then presumably they could have obtained Adobe's decryption keys too? If not, why not?
Guess I'll have to phone my bank tomorrow... hope they don't charge me for the new card. Oh Adobe...
Edit: It just occurs to me that people with pirated Adobe software aren't having any problems right now. The same argument could be made of any service, of course, but at least with the old way of purchasing Adobe software (vs. Creative Cloud) Adobe didn't have to store your credit card number for an extended period of time. I don't think this excuses piracy, but it's not going to do anything to discourage it.
[+] [-] zmmmmm|12 years ago|reply
That sentence is disinformation. It carefully leaves unanswered the question of whether the encryption keys were stored in a location accessible to the attackers. The only reason to use that kind of language is to try and confuse everybody into believing things are not as bad as they would otherwise look.
[+] [-] davvid|12 years ago|reply
On first reading I had a split-second where I thought the attackers did everyone a favor by deleting the data; e.g. "drop table customer_financial_data". Unfortunately they meant the ~other~ kind of "removal". I think "obtained" would have been a better word to use here (instead of "removed").
[+] [-] jrockway|12 years ago|reply
[+] [-] bcn|12 years ago|reply
[+] [-] keyle|12 years ago|reply
I'd rather obtain minified javascript.
[+] [-] mratzloff|12 years ago|reply
[+] [-] iamshs|12 years ago|reply
[+] [-] ChikkaChiChi|12 years ago|reply
I feel particularly bad for the design houses that have entrusted Adobe with their intellectual property because it was supposed to be safe who now have to rethink how safe their assets really are.
[+] [-] nutjob123|12 years ago|reply
[+] [-] kunai|12 years ago|reply
It's illicit, but it will help free software and reverse engineering in a huge way. Adobe doesn't deserve to manipulate its users with CC like it's doing right now.
[+] [-] chestnut-tree|12 years ago|reply
[+] [-] drone|12 years ago|reply
There are classes of products related to this specific task, generally we call them "DLP" or Data [Leak|Loss] Prevention.
What we don't know, is how the information was transferred from the servers, and how much different that traffic looked compared to normal activity. It's easy enough to catch a credit card number flying through a plain HTTP packet over the network in the wrong direction, but it gets much harder when the party trying to transfer that data is intentionally attempting to avoid detection.
> Isn't there some best practice security measures that can prevent of all of these things
Yes, but none of them are perfect, and even if they were, they would require perfection from human operators. (Perfectly configure, maintain, monitor, etc.) And, of course, they assume you can identify a threat before it leads to compromise.
[+] [-] seiji|12 years ago|reply
[+] [-] unknown|12 years ago|reply
[deleted]
[+] [-] eksith|12 years ago|reply
Conflictingly because my CC info has since expired, but other personal data would still be in their records. I wonder how far back they keep those, but I guess I'll find out soon enough if I'm in the lot.
Edit: If anyone is worried about the source getting leaked giving rise to 0-day exploits and the like, you can at least move away from Reader into something like Sumatra PDF (open source). If all you need is a reader, it's a very handy alternative and far more nimble with resources (no I'm not part of their project. I'm just a very happy user)
[+] [-] Samuel_Michon|12 years ago|reply
It would be nice to know how many user accounts Adobe manages, so that I can better estimate the likelihood of my accounts being affected. If they only have 2.9 million accounts, I should be worried; if they have 100 million accounts, I should still worry but perhaps a little less so.
I have not (yet) received an email from Adobe regarding this latest attack, but I have an Adobe Creative Cloud subscription as well as several Typekit accounts. I use 1Password to generate passwords, but of course that doesn’t protect my credit card information.
[+] [-] aroch|12 years ago|reply
>Arkin said the company has not yet determined whether the servers that were breached were running ColdFusion, but acknowledged that the attackers appear to have gotten their foot in the door through “some type of out-of-date” software.
[+] [-] plg|12 years ago|reply
[+] [-] keyle|12 years ago|reply
I am shocked that most people think it's OK these days to drop the "Oops, nasty baddies bad bad got in and there goes your details, so so sorry, come again."
If this happens to some small startup with the one PHP nerd that doesn't really know what he's doing (and is underpaid anyway) - that's fine. Or at least acceptable. You're living on the edge.
But a Fortune 100 company... COM'ON.
[+] [-] mrtksn|12 years ago|reply
[+] [-] tlrobinson|12 years ago|reply
[+] [-] drawkbox|12 years ago|reply
If say for instance the token you gave to Adobe gets stolen, you or they just disable all tokens or ask for new tokens.
So not only will fraud be more difficult but merchants also will be known who has been compromised. Right now banks won't always tell you what merchant was compromised and causing you to get a new number/card.
New payment systems have this, for instance stripe is built similar to this.
Why do people have to update all their cards with all their merchants after one fails? Getting multiple cards and internet cards sometimes helps compartmentalize but really we need this at least per merchant.
Some banks have this like Bank of America ShopSafe but it should be the new normal.
[+] [-] keyle|12 years ago|reply
This needs a ladder of shame. If we don't shine the light on this, things just won't get better.
[+] [-] Simucal|12 years ago|reply
[+] [-] mikeash|12 years ago|reply
Seriously, I don't get it. At least in the US, card holders have zero liability in these instances.
If your card number got leaked and is used to make a fraudulent purchase, simply report it to your card issuer. They will reverse the charge and issue you a new card number.
The paranoia around card numbers for consumers is crazy. There's literally no risk. It makes sense for merchants because they bear risk, but I don't understand why cardholders get upset.
[+] [-] coldcode|12 years ago|reply
[+] [-] zmmmmm|12 years ago|reply
So I would infer that the attackers obviously had access at a very high level, probably compromising the credentials of someone very senior with very high privileges. Which in turn means they could almost certainly have compromised the encryption keys and would be most likely to do so before downloading the actual CC data.
[+] [-] pdknsk|12 years ago|reply
Somewhere, oclHashcat makes room temperature rise.
[+] [-] tigerweeds|12 years ago|reply
[+] [-] jere|12 years ago|reply
[+] [-] unclebucknasty|12 years ago|reply
Hmm. Maybe the fraudsters literally took the data. As in, Adobe no longer has our email addresses with which to notify us.
It may as well be that ridiculous.
[+] [-] slowdown|12 years ago|reply
Around November 2011, Apple screwed up one of it's premier softwares (Final cut pro) and Adobe jumped right in and offered a 50% discount to all of its Creative suites (version: 5.5). Their pitch then was - "Apple screwed up, try ours and hey, if you buy the suite, it's yours forever and you get peace of mind". And so I bought the Windows edition of one of their suites. A year later, CS6 was announced and I decided to wait for sometime before upgrading. Just to be clear, I shelled out almost $1000 on the CS 5.5 version.
In the last few months, I made the switch to a Mac and I found out that my license for Windows wouldn't work on a Mac. Fortunately, Adobe seemed to provide a "crossgrade" path, wherein I can just swap my platform at no additional cost. Sounds good? No. Except that you can't swap from an older version (CS 5.5) to a newer version (CS 6). You can only switch between platforms of the two same versions. Okay, that's in a way fair enough, since it's been over a year anyway and it's time to upgrade. So, let me just upgrade to CS6, I thought.
This is where it started to get messy. I searched for links to upgrade to CS6, and I did find a few. But they all re-directed to the stupid Creative Cloud edition. WTF?
[1] http://www.adobe.com/mena_en/products/creativesuite.html
I searched and searched and finally found a link that worked. I placed an order and 24 hours later, my order was cancelled for no reason. I had to search for that link I found earlier, again. After giving up finding the link, upon contacting customer support, I was tried to be pushed into the stupid Creative Cloud platform, again.
(Finally!)It's funny I had to spend so much time with support to purchase CS6, since Adobe clearly conveys that it intends to sell CS6 indefinitely. [2]http://www.adobe.com/products/cs6/faq.html
Even though the support person gave me the link to buy CS6, I thought it would be a good idea to probably re-consider CC again. So I checked on the Creative Cloud page to see if I could just pay $45 for say, about two months and later upgrade to CS6. But, again, Adobe tries to backstab its users. IF you cancel your CC subscription before 1 year, you will be billed 50% of the total amount (50% of ($45x12)) as a penalty. WTF?!! So, basically they want to beat their users to the ground as much as they can.
I decided to try alternatives, because I really wanted only a good Photoshop-like program and nothing else more (at that point). So, I searched, but I couldn't find. Now, this is highly deceptive on Adobe's part because they play a monopoly role clearly and they decided to backstab their users all of a sudden.
There is no easy way to buy CS6, there is no easy way to subscribe to CC for just a few months and the calculations they demonstrate are also deceptive at best. CC is more expensive than the boxed product.
One of my friends is a blogger, he has a huge follower count. Adobe contacted him and gave him a free 1 year subscription to CC. I was curious and I found a lot of bloggers reporting the same. One thing that was common in most of these Adobe contacted bloggers' posts, was how their stress to explain how the CC version was effectively cheaper than their boxed version.
So basically Adobe is indirectly bribing bloggers to write good stuff about their CC subscription.
Adobe's CEO is an incompetent backstabber who is totally fit for nothing. This was the same guy who argued with Steve Jobs that Flash on mobile rocks and later discontinued it. Backstab #1. I was a Flash developer previously. I was even jobless for a few days because I relied so much on this technology.
Adobe's CEO also backstabbed the much capable Flex eco-system. Do you know how many Flex developers are jobless now? Backstab #2.
And the Creative cloud (CC). Backstab #3.
That is why I feel happy that their source code was stolen. I was a genuine customer amongst a million others who just wanted to pay ONCE to use my software. I could have pirated like many others, but I didn't. I trusted them. But they took a U turn and decided to shoot us in the back.
Also, this guy is never straightforward: http://gizmodo.com/5984191/adobes-ceo-completely-refuses-to-...
This guy is incompetent and needs to be replaced. Atleast someone should file a class action suit for abusing their monopoly.
[+] [-] MarkMc|12 years ago|reply
> But, again, Adobe tries to backstab its users. IF you cancel your CC subscription before 1 year, you will be billed 50% of the total amount (50% of ($45x12)) as a penalty. WTF?!! So, basically they want to beat their users to the ground as much as they can.
What you call 'beat their users to the ground' I call 'charge fees which maximise their profit'. They are not being deceptive - their price list clearly states, "Requires annual commitment; billed monthly" [1]
> There is no easy way to buy CS6
If you Google "buy adobe cs6" the first result [2] allows you to buy a CS6 'Master Collection' licence for $2,599. Just click 'buy' then 'Add to cart'. Seems pretty easy to me.
> there is no easy way to subscribe to CC for just a few months
Not true - as pointed out by estel, you can easily subscribe for $75 per month. I think by 'easy' you mean 'cheap'
> the calculations they demonstrate are also deceptive at best
Can you provide a link to the deceptive calculations? Because to me the price list [1] seems to be fairly straightforward and honest
> CC is more expensive than the boxed product.
Doesn't that depend on how long you use the software for? You can buy a single month for $75 - I doubt that you can get the boxed product for cheaper than that.
> One thing that was common in most of these Adobe contacted bloggers' posts, was how their stress to explain how the CC version was effectively cheaper than their boxed version.
If it is true that Adobe implicitly says, "write good things about us and we'll give you free stuff" then I agree that this is pretty bad behaviour. (But if they say, "here is some free stuff, please write good things about us" then that would be OK as long as the blogger notes in their review that they had received the free stuff.) The fact that bloggers who received free stuff had previously wrote good things about Adobe is not sufficient to convict Adobe of indirect bribing. It could be that the bloggers who did not receive free stuff also wrote good things about Adobe (ie. their products are generally viewed positively)
> Backstab #1. I was a Flash developer previously. I was even jobless for a few days because I relied so much on this technology…Do you know how many Flex developers are jobless now? Backstab #2.
It sucks to lose your job, but is it really 'backstabbing' for Adobe to drop support for a platform they developed? For all software I expect the companies who develop it to say "this is a great product and we fully support it" right up until they day they drop that support. It's not like Adobe said, "we will support this product until at least 2015".
> [The CEO] is never straightforward...This guy is incompetent and needs to be replaced.
Personally I think it is very straightforward to say, "I refuse to discuss our pricing strategy with you". But in any case the CEO's job is to maximise profits - and using the strength of Adobe's market position to charge nosebleed prices sounds to me like he is doing just that. Not at all incompetent.
> At least someone should file a class action suit for abusing their monopoly.
It's not necessarily illegal to have a monopoly and charge a very high price for your products.
[1] http://www.adobe.com/products/creativecloud/buying-guide.htm...
[2] http://www.adobe.com/products/catalog/cs6._sl_id-contentfilt...
[+] [-] Samuel_Michon|12 years ago|reply
I understand why you would say that, but I don’t agree. At the time, I used Final Cut Pro 7 daily and when Final Cut Pro X was released, I didn’t immediately switch to it. I waited for multicam editing and XML export, and Apple delivered. That’s when I switched to Final Cut Pro X and it was a great improvement over version 7. When Adobe came up with Creative Cloud, I signed up. That meant I got Adobe Premiere as part of the package, but after trying it, I still much preferred Final Cut Pro 7. Comparing Premiere and Final Cut Pro X, for me, it’s not even a contest. With Final Cut Pro X, I’m way more productive than I ever was in FCP 7, Avid, Premiere or Media100.
Apple could’ve done better by offering the first few releases of FCP X as a free beta, but right now, FCP X is a way better product than FCP 7 ever was.
[+] [-] estel|12 years ago|reply
Isn't that what the monthly plan does [0]? $75 / month rather than $50, but with the option to only pay for individual months. I think they said they were originally thinking of freelancers who might only take on work that involved using CC a few times a year.
[0] http://www.adobe.com/products/creativecloud/buying-guide.htm...
[+] [-] petercooper|12 years ago|reply
[+] [-] pirho|12 years ago|reply
----------
Important Password Reset Information
To view this message in a language other than English, please click here.
We recently discovered that an attacker illegally entered our network and may have obtained access to your Adobe ID and encrypted password. We currently have no indication that there has been unauthorized activity on your account.
To prevent unauthorized access to your account, we have reset your password. Please visit www.adobe.com/go/passwordreset to create a new password. We recommend that you also change your password on any website where you use the same user ID or password. In addition, please be on the lookout for suspicious email or phone scams seeking your personal information.
We deeply regret any inconvenience this may cause you. We value the trust of our customers and we will work aggressively to prevent these types of events from occurring in the future. If you have questions, you can learn more by visiting our Customer Alert page, which you will find here.
Adobe Customer Care
[+] [-] uslic001|12 years ago|reply
[+] [-] ChuckMcM|12 years ago|reply
There is tremendous "pain" here (both for vendors and for customers) which, if effectively addressed, could be the next Google or Apple.
[+] [-] simula67|12 years ago|reply
Are you saying we need to create a cloud service that is completely secure ( which we know is impossible ). My understanding is that CloudFlare is already tackling the security aspects of hosted services and seem to be doing well.
[+] [-] bitserf|12 years ago|reply
Reason: Adobe charges basically double the US price in Australia/NZ if you buy from them directly, and I refuse to pay a location tax since it costs them zero dollars extra to send me bytes through CDNs.
[+] [-] jestar_jokin|12 years ago|reply