Is ADE safe to use/download?

[Waylander]

Hi everyone,
I was wondering whether it was safe to download and use ADE on my Mac, given all the customer details that keep being stolen, along with the other disasters such as zero day viruses. Is it ok for me to download ADE, or should I stay well clear? Particularly as the latest Mac update disabled Adobe updater, so that Mac's wouldn't fall prey to whichever adobe software versions that caused all the problems. Any advice would be much appreciated, as I bough two kobo ebooks, and don't know how else to download them.
Waylander

[EowynCarter]

The hack was related to adobe's servers, not ade. And you do need an adobe account for books with drm.

And what the hell is that zero day virus story about ?

I now use mantano on my tablet (android). Don't know if there are alternative software on mac that can handle adept.

[DiapDealer]

It's almost exactly as safe as any software that requires you to create a profile (in which personal details are stored) that is maintained on remote servers is.

[pdurrant]

Just use a different password on your ADE account than you use anywhere else, and you'll be fine even if they get hacked again.

It's good practise to never reuse a password.

[Waylander]

I decided to authorise my computer without actually registering, as it allows this and it seemed more secure. I don't think I will use it very much anyway, as its really bad.

[DiapDealer]

It is more secure. Unfortunately, it's also the easiest way to lose access to your future DRMed purchases should something ever happen to that computer/installation. The DRM for books downloaded to that authorised computer will be tied to that installation, and that installation only.

Not to suggest that that's a deal-breaker, by any means. Just understand that many people have been burned by that method--especially when they switch to an Adobe ID later, and realize they no longer have access to their past DRMed ebook purchases.

[Difflugia]

Quote:

Originally Posted by Waylander

I decided to authorise my computer without actually registering, as it allows this and it seemed more secure. I don't think I will use it very much anyway, as its really bad.

If you do that, remember that downloaded content is only usable on that specific installation of ADE. If you have to replace your computer or even reinstall the OS, you won't be able to use your books. That's not really a problem if you use Alf's scripts and that's how my setup was for a long time, but you're still prevented from redownloading the content in the future.

If you want the benefits of registering without giving away any information, you can use a gibberish email address. As far as I can tell, Adobe only checks that your email address contains "@" and ".", so sabbfhwpeqasdg@zzsawrsh.com is fine. After ADE is installed, you don't ever have to remember your login details unless you have to reinstall, so just write it down and keep it somewhere.

"Thank you for registering, Mr. Nsbne7baqenj!"

[calvin-c]

Quote:

Originally Posted by Difflugia

If you do that, remember that downloaded content is only usable on that specific installation of ADE. If you have to replace your computer or even reinstall the OS, you won't be able to use your books. That's not really a problem if you use Alf's scripts and that's how my setup was for a long time, but you're still prevented from redownloading the content in the future.

If you want the benefits of registering without giving away any information, you can use a gibberish email address. As far as I can tell, Adobe only checks that your email address contains "@" and ".", so sabbfhwpeqasdg@zzsawrsh.com is fine. After ADE is installed, you don't ever have to remember your login details unless you have to reinstall, so just write it down and keep it somewhere.

"Thank you for registering, Mr. Nsbne7baqenj!"

I routinely use noneof@yourbusiness.com to make my point, just in case a human actually reads it. Unlikely, I know, but possible.

Not reusing passwords is a great idea-except you need to have a system for remembering them. I currently have about 100 sites that require a login. Can I remember 100 passwords? I'm lucky to remember one-so I store my login information in a single password-protected document. Plus I write them down as a backup. Writing down passwords used to be a no-no but today security breaches are more often online rather than due to physical access-so the 'sticky note' password is less of a problem. I still don't recommend making it quite that obvious though. At least put it in a desk drawer, preferably locking.

[pdurrant]

Quote:

Originally Posted by Waylander

I decided to authorise my computer without actually registering, as it allows this and it seemed more secure. I don't think I will use it very much anyway, as its really bad.

Just to emphasize what others have said. This is an excellent way to lose access to your ebooks. The next time your OS corrupts or your disk dies, or you buy a new computer, you will no longer be able to open the books you've downloaded, nor will you be able to re-download the books to a new installation.

If you go this route, I strongly recommend making use of Alf's tools, and keeping good backups of your de-drmed ebooks.

[Waylander]

Thanks for your advice. Ive done the de-drming bit, so should be ok.

[jgaiser]

Quote:

Originally Posted by calvin-c

Not reusing passwords is a great idea-except you need to have a system for remembering them. I currently have about 100 sites that require a login.

I currently use the paid version of LastPass and really like it. Works in Windows, works in Linux, works on my iPhone. Generates random passwords and warns you if you're using the same password across multiple sites (which, unfortunately I had/have a bad habit of doing).

[eschwartz]

I will second the recommendation of Lastpass. Even the free (non-premium) version supplies all the functionality except for the mobile apps, and a few exotic options. It encrypts your data locally and stores only the encrypted blob without the password on their servers for multi-device sync, using military-grade encryption.

It will automatically generate secure passwords that are random enough to remain unbroken even AFTER adobe's servers were hacked. And Adobe claims the hacked passwords were from a backup that wasn't using contemporary security -- in other words, new accounts are protected far better.

http://arstechnica.com/security/2013...word-crackers/

Quote:

Originally Posted by @arstechnica.com

What is clear is that Adobe never should have stored passwords in a reversibly encrypted format. Company officials seemed to acknowledge that. In a statement to Ars, Adobe spokeswoman Heather Edell wrote:

Quote:

Either way, your best bet is to use a unique, randomly generated password. The harder your password is to break, the more likely the hackers will give up after cracking the passwords of the other 70% of people who didn't follow proper password security protocol.

http://arstechnica.com/security/2012...under-assault/

Quote:

Originally Posted by @arstechnica.com

But with few exceptions, the exponential wall rarely impedes most password crackers. As demonstrated by the RockYou dump, the typical person is notoriously sloppy when choosing a passcode. A full 70 percent of them contained eight characters or less. Only 14 million of the 32 million total were unique, showing that a large percentage of passwords are duplicates. Atom, the Hashcat developer and password-cracking expert, estimates that 66 percent of entries from the typical unsalted hash list can be cracked by a single person in less than two days.

So what can the average person do to pick a passcode that won't be toppled in a matter of hours? Per Thorsheim, a security advisor who specializes in passwords for a large company headquartered in Norway, said the most important attribute of any passcode is that it be unique to each site.

"For most sites, you have no idea how they store your password," he explained. "If they get breached, you get breached. If your password at that site is unique, you have much less to worry about."

It's also important that a password not already be a part of the corpus of the hundreds of millions of codes already compiled in crackers' word lists, that it be randomly generated by a computer, and that it have a minimum of nine characters to make brute-force cracks infeasible. Since it's not uncommon for people to have dozens of accounts these days, the easiest way to put this advice into practice is to use program such as 1Password or PasswordSafe. Both apps allow users to create long, randomly generated passwords and to store them securely in a cryptographically protected file that's unlocked with a single master password. Using a password manager to change passcodes regularly is also essential.

Of course, your email address will still be found and spammed, so you may wish to try the services of http://spamgourmet.com to act as a barrier between you and Adobe. Assuming you feel you will ever need the ability to email a password restore option.

I don't, but then, I only really use ADE for library books, and didn't bother registering. I couldn't care less if I lose future access to them, since they are only good for 3 weeks anyway.

[Katsunami]

Quote:

Originally Posted by eschwartz

I will second the recommendation of Lastpass.

If you run Windows, one can also look into Keepass2. It's open source and free.

It also runs on Linux and Mac (if you're not averse to Mono, and two days of fiddling), or you can use the Keepass 1.x data format and install the Linux-native KeepassX.

With regard to the Adobe-ID: I just leave it completely empty except for the e-mail address and password. The password is unique to that account (they all are, as I use Keepass2). I also de-DRM my books. If my Adobe Account gets hacked, I just abaondon it and create a new one.