Hacker News | vrta's comments

Ah yes, the rubber-hose cryptanalysis: http://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis


It was 0-day when they got hit. Sad thing is that they do not tell how much time has passed since the hack.


I'm not sure, their wording around it is a bit convoluted

"... previously unknown zero-day vulnerability in Adobe’s ColdFusion application server. The vulnerabilities have only recently been addressed in Adobe’s APSB13-10 hotfix (CVE-2013-1387 and CVE-2013-1388) which was released less than a week ago."

To me that reads like "it was a former zero-day exploit", as all exploits are.


Linode brought this issue to Adobe's attention. It's pretty clear that the hack happened 1-2 weeks BEFORE it was announced to the public on Friday. See: http://seclists.org/nmap-dev/2013/q2/3

seclists.org was one of the sites hit in the hack. See how they were down "over the last week". Also note that the Adobe security bulletin was released on April 9: http://www.adobe.com/support/security/bulletins/apsb13-10.ht...

So ya, these hackers found the problem (a 0-day in ColdFusion), used it against Linode. Then Linode got Adobe to look into it and found the cause.


Not all exploits are zero-day exploits. As I understand it, a zero-day exploit is one that is used in the wild before it is disclosed. Plenty (most) vulnerabilities are only disclosed once a fix has been implemented.


I stand corrected


Yeah, maybe you're right. The text is a bit unclear about that.


Yeah, they didn't tell us when they got hacked, but seclists did (3/31/2013): http://seclists.org/nmap-dev/2013/q2/3


3/31/2013 is the backup they're reverting to, not when they got hacked though, right? (The email refers to "downtime over the last week", so I guess the hack happened around 6th April or later.)


I expected to read that Van Riper died of natural causes later that year.


Is that really what you expected?

