F-Secure found the file that was used to hack RSA and compromise the SecureID system. Kim Zetter of Wired News has more here.
This week Finnish security company F-Secure discovered that the file had been under their noses all along. Someone — the company assumes it was an employee of RSA or its parent firm, EMC — had uploaded the malware to an online virus scanning site back on March 19, a little over two weeks after RSA is believed to have been breached on March 3. The online scanner, VirusTotal, shares malware samples it receives with security vendors and malware researchers.
RSA had already revealed that it had been breached after attackers sent two different targeted phishing e-mails to four workers at its parent company EMC. The e-mails contained a malicious attachment that was identified in the subject line as “2011 Recruitment plan.xls.”
None of the recipients were people who would normally be considered high-profile or high-value targets, such as an executive or an IT administrator with special network privileges. But that didn’t matter. When one of the four recipients clicked on the attachment, the attachment used a zero-day exploit targeting a vulnerability in Adobe Flash to drop another malicious file — a backdoor — onto the recipient’s desktop computer. This gave the attackers a foothold to burrow farther into the network and gain the access they needed.
Enjoy Michael Mullany’s review of the Gartner Hype Cycle, with all the things tech predictors got right and all the things they got wrong: “we’re terrible at making predictions.” Lesson 6: Some technologies keep receding into the future There are some notable technologies that recur on the Hype Cycle and every time they appear they […]
Why we secretly love our cords. Tamara Warren: There’s a certain security in the cord. It’s the idea of connection, perhaps even dating back to our days in the womb. … A battery, no matter how sophisticated, is fleeting. When we have our cords with us, we are in constant pursuit of power, even when […]
The classic beatbox – not an expensive clone or a collection of cleverly-tweaked samples – is back. Roland’s TR-08 directly models the original machine’s analog circuits to recreate its sound as accurately as possible with modern digital technology, and joins revived versions of the TR-909[Amazon] and TB-202[Amazon] in the company’s lineup of boutique boxes. The […]
The Pry.Me Bottle Opener holds tens of thousands of times its own weight, and you can pick one up now from the Boing Boing Store.This remarkable keychain is considerably smaller than any of your keys, but don’t let that fool you: it can easily open any bottle, and could even tow a trailer full of […]
Guaranteeing your privacy online goes way beyond checking the “Do Not Track” option in your browser’s settings. To ensure that your internet activity is totally hidden from Internet Service Providers, advertisers, and other prying eyes, take a look at Windscribe’s VPN protection. It usually costs $7.50 per month, but you can get a 3-year subscription […]
This project management bundle will help you get organized and learn how to lead a team to success. You can pay what you want for these five courses when you pick them up from the Boing Boing Store.To help you become an invaluable asset for your company, this bundle includes a curated collection of professional […]