Mac malware, Sony, Lulzsec, Facebook facial recognition, Lockheed/RSA - 90 Sec News - May 2011 (by SophosLabs)
Mac malware, Sony leaks, Lulzsec attacks, Facebook facial recognition, Lockheed/RSA - watch May’s security news in just 90 seconds!
Source: youtube.com
Last updated about an hour ago
RSA Security is to replace virtually every one of the 40 million SecurID tokens currently in use as a result of the hacking attack the company disclosed back in March. The EMC subsidiary issued a letter to customers acknowledging that SecurID failed to protect defense contractor Lockheed Martin, which last month reported a hack attempt.
SecurID tokens are used in two-factor authentication systems. Each user account is linked to a token, and each token generates a pseudo-random number that changes periodically, typically every 30 or 60 seconds. To log in, the user enters a username, password, and the number shown on their token. The authentication server knows what number a particular token should be showing, and so uses this number to prove that the user is in possession of their token.
The exact sequence of numbers that a token generates is determined by a secret RSA-developed algorthm, and a seed value used to initialize the token. Each token has a different seed, and it’s this seed that is linked to each user account. If the algorithm and seed are disclosed, the token itself becomes worthless; the numbers can be calculated in just the same way that the authentication server calculates them.
This admission puts paid to RSA’s initial claims that the hack would not allow any “direct attack” on SecurID tokens; wholesale replacement of the tokens can only mean that the tokens currently in the wild do not offer the security that they are supposed to. Sources close to RSA tell Ars that the March breach did indeed result in seeds being compromised. The algorithm is already public knowledge.
As a result, SecurID offered no defense against the hackers that broke into RSA in March. For those hackers, SecurID was rendered equivalent to basic password authentication, with all the vulnerability to keyloggers and password reuse that entails.
RSA Security Chairman Art Coviello said that the reason RSA had not disclosed the full extent of the vulnerability because doing so would have revealed to the hackers how to perform further attacks. RSA’s customers might question this reasoning; the Lockheed Martin incident suggests that the RSA hackers knew what to do anyway—failing to properly disclose the true nature of the attack served only to mislead RSA’s customers about the risks they faced.
RSA is working with other customers believed to have been attacked as a result of the SecurID compromise, though it has not named any. Defense contractors Northrop Grumman and L-3 Communications are both rumored to have faced similar attacks, with claims that Northrop suspended all remote access to its network last week.
A well-crafted e-mail with the subject line “2011 Recruitment Plan” tricked an RSA employee to retrieve from a junk-mail folder and open a message containing a virus that led to a sophisticated attack on the company’s information systems, a top technologist at the security vendor says in a blog.
An Excel spreadsheet attached to the e-mail contained a zero-day exploit that led to the installation of a backdoor virus, exploiting an Adobe Flash vulnerability, which Adobe has since patched, writes Uri Rivner, head of new technologies, identity protection and verification at RSA, in a blog posted Friday.
RSA unveiled on March 17 that an attacker targeted its SecurID two-factor authentication product in what it termed an advanced persistent threat breach (see RSA Says Hackers Take Aim At Its SecurID Products). An APT refers to sophisticated and clandestine means to gain continual, persistent intelligence on a group such as a nation or corporation. Rivner’s blog is the first substantial public comment on the breach since Coviello’s statement.
RSA on Monday also announced it is acquiring Netwitness, the network security company that provides real-time network forensics and automated threat analysis solutions. In a statement, Netwitness founder and CEO Amit Yoran alluded to the breach: “Recent events reinforce the passion and commitment we have shared for years - to help you combat zero-day attacks, targeted and advanced threats, and other sophisticated security problems.”
Netwitness technology and personnel helped identify the APT attack as it progressed, enabling RSA to launch an aggressive defense, an individual close to RSA says. But the breach had nothing to do with the acquisition; negotiations between RSA and Netwitness began before March 17.
According to Rivner, the exploit injected malicious code into the employee’s PC, allowing full access into the machine. The attacker installed a customized variant of a remote administration tool known as Poison Ivy, which has been used in APT attacks against other companies. Such tools set up a reverse-connect model, which Rivner explains pulls commands from the central command and control servers, then execute the commands, rather than getting commands remotely, making them harder to detect.
Rivner’s analysis of the breach determined the attacker had sent two different phishing e-mails over a two-day period to two small groups of RSA employees. “You wouldn’t consider these users particularly high profile or high value targets,” he says. Once inside, the attacker sought out employees with great access to sensitive information. “When it comes to APTs, it is not about how good you are once inside, but that you use a totally new approach for entering the organization,” Rivner says. “You don’t bother to just simply hack the organization and its infrastructure; you focus much more of your attention on hacking the employees.”
The RSA official says the attacker initially harvested access credentials from the compromised employee and performed privilege escalation on non-administrative users in the targeted systems, and then moved on to gain access to key high value targets, which included process experts and IT and non-IT specific server administrators.
“If the attacker thinks they can exist in the environment without being detected, they may continue in a stealth mode for a long while,” Rivner says. “If they think they run the risk of being detected, however, they move much faster and complete the third, and most ‘noisy’ stage of the attack. Since RSA detected this attack in progress, it is likely the attacker had to move very quickly to accomplish anything in this phase.”
Rivner says the goal of the attacker is to extract information. In this assault, he says, the attacker gained access to staging servers at key aggregation points to prepare for extraction. Next, the attacker accessed servers of interest, moving data to internal staging servers to be aggregated, compressed and encrypted for extraction. Then, the attacker used file transfer protocol to transfer many password protected RAR files from the RSA file server to an outside staging server at an external, compromised machine at a hosting provider. The files were subsequently pulled by the attacker and removed from the external compromised host to remove any traces of the attack.
1 | 2Next Page »
The Department of Homeland Security is working with RSA in investigating what the IT security vendor characterized as an extremely sophisticated attacked aimed at its SecurID two-factor authentication products.
DHS spokeswoman Amy Kudwa said in a statement issued late Friday afternoon that the department is working with RSA by leveraging the technical, investigative and mitigation expertise of federal agencies to address the assault. “We take threats to our cyber infrastructure as seriously as we take threats to our conventional, physical infrastructure,” she said.
Kudwa said federal agencies and departments have been informed of the vulnerability and provided with mitigation measures, in coordination with RSA, adding that DHS also is distributing similar information to its critical infrastructure partners. Kudwa did not provide details on the mitigation measures.
Inquires to the office of White House Cybersecurity Coordinator Howard Schmidt, the Pentagon and the National Security Agency all were referred to DHS. RSA did not respond to a request Friday for an interview.
RSA Executive Chairman Art Coviello, in a posting on the RSA website Thursday, said a company investigation led officials to believe the attack is in the category of an advanced persistent threat. An APT refers to sophisticated and clandestine means to gain continual, persistent intelligence on a group such as a nation or corporation.
In a letter posted on the RSA website on Thursday, Coviello promised qualified transparency in addressing this problem. “As appropriate,” he said, “we will share our experiences from these attacks with our customers, partners and the rest of the security vendor ecosystem and work in concert with these organizations to develop means to better protect all of us from these growing and ever more sophisticated forms of cybersecurity threat.”
Nevada’s state chief information security officer said he found Coviello’s comment reassuring. “They did the right thing,” CISO Christopher Ipsen said. “As a result, I am more comfortable than I would have been had I heard about the APT from some other source.”
Ipsen, an RSA certified administrator, said he looks forward to working in concert with RSA to address challenges facing SecurID.
To help customers, RSA issued nine recommendations it says should strengthen SecurID implemantions (see RSA’s 9 Recommendations to SecurID Customers).
SecurID consists of a token, either hardware or software, that generates an authentication code at fixed intervals - about once a minute, for instance - using a built-in clock and an encoded random key known as a seed. The seed is different for each token, and is loaded into the corresponding RSA SecurID server as the tokens are acquired. (see RSA SecurID: A Primer).
Coviello said RSA’s investigation revealed that the attack resulted in information being extracted from the company’s IT systems. “While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers, this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack,” Coviello said. “We are very actively communicating this situation to RSA customers and providing immediate steps for them to take to strengthen their SecurID implementations.”
Coviello said RSA has no evidence that customer security related to other RSA products has been similarly affected. “We do not believe that either customer or employee personally identifiable information was compromised as a result of this incident,” he said, adding that RSA will give its SecurID customers the tools, processes and support required to strengthen the security of their IT systems in the face of this incident.
The attack came one day after the top cybersecurity executive at the Department of Homeland Security told Congress that government and private-sector IT systems are at risk from such attacks (see Experts Question Infosec Readiness). “Sensitive information is routinely stolen from both government and private sector networks,” Philip Reitinger, DHS deputy undersecretary for national protection and programs told the House Homeland Security Committee. “We currently cannot be certain that our information infrastructure will remain accessible and reliable during a time of crisis.”
Just now Top security firm RSA Security revealed by extremely sophisticated hack, Read complete Story here - http://www.thehackernews.com/2011/03/top-security-firm-rsa-security-revealed.html
Now, RSA Release Open Letter to RSA Customers, as given below :
Like any large company, EMC experiences and successfully repels multiple cyber attacks on its IT infrastructure every day. Recently, our security systems identified an extremely sophisticated cyber attack in progress being mounted against RSA. We took a variety of aggressive measures against the threat to protect our business and our customers, including further hardening of our IT infrastructure. We also immediately began an extensive investigation of the attack and are working closely with the appropriate authorities.
Our investigation has led us to believe that the attack is in the category of an Advanced Persistent Threat (APT). Our investigation also revealed that the attack resulted in certain information being extracted from RSA’s systems. Some of that information is specifically related to RSA’s SecurID two-factor authentication products. While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers, this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack. We are very actively communicating this situation to RSA customers and providing immediate steps for them to take to strengthen their SecurID implementations.
We have no evidence that customer security related to other RSA products has been similarly impacted. We are also confident that no other EMC products were impacted by this attack. It is important to note that we do not believe that either customer or employee personally identifiable information was compromised as a result of this incident.
Our first priority is to ensure the security of our customers and their trust. We are committed to applying all necessary resources to give our SecurID customers the tools, processes and support they require to strengthen the security of their IT systems in the face of this incident. Our full support will include a range of RSA and EMC internal resources as well as close engagement with our partner ecosystems and our customers’ relevant partners.
We regret any inconvenience or concern that this attack on RSA may cause for customers, and we strongly urge you to follow the steps we’ve outlined in our SecurCare Online Note. APT threats are becoming a significant challenge for all large corporations, and it’s a topic I have discussed publicly many times. As appropriate, we will share our experiences from these attacks with our customers, partners and the rest of the security vendor ecosystem and work in concert with these organizations to develop means to better protect all of us from these growing and ever more sophisticated forms of cyber security threat.
Sincerely,
Art Coviello
Executive Chairman, RSA
Source : http://www.rsa.com/node.aspx?id=3872
loading tweets…
antinwo
ragemovement
trollingchannel
brooklyntheory
freespiritedculture
fuckyeahvintage-retro
dawnofconsciousness
thescienceofreality
did-you-kno
novelcombinationofwords
thisistheverge
mineralia
iheartchaos
fuckyeahmineralogy
psychedelicmandala
smoaktrees
newmilitant
snakes-and-cupcakes
scottrossi
scinerds
weedporndaily
wanderinthedaylight
thefourtwentytimes
theblackcathacker
theogonic-symphonic-tragedy
antidelusions
mylittlerewolution
galaxyshmalaxy
peaceblaster
diaryofanarabfeminist
mentalalchemy
letsget-stoned
thecouscousqueen
thatsgoodweed
herochan
culturerevo
dancepunksnotdead
femalerappers
cosmic-ketamine
imageoscillite
laughingsquid
optimoprime
guruwithin
eclectic-earthchild
monochromemotion
zodiacsociety
kushandwizdom
we-are-star-stuff
fuckyeahmarxismleninism
anoncentral
psych-facts
letstalkbitcoin
alchemygrip
kateoplis
drugsandweed
neuvisions
projectqueer
emergentfutures
industrialpunk
arcaneo
girtabaix
spiritualevolution1111
advice-animal
cosmic-rebirth
paradiseoroblivion
weakened-knees
chronicmeds
bitcoinforum
mothernaturenetwork
lukexvx
nug-shots
themineralogist
neurosciencestuff
lifting-of-the-veil
wombatattack
theawakenedstate
freeusapress
fuckyeahanarchopunk
devilslettuce-
italdred
wlfgang
redwingjohnny
we-all-share-one-moon
alwaysinsearchoflight
ganjadub
barack0ganja
theartofanimation
riseresistandrevolt
cultureofresistance
aatmagaialove
harrypotterhousequotes
revoltriot
iraffiruse
apolonisaphrodisia
pig-along
steampunktendencies
hippieseurope
fromstarstostarfish
idlenomorewisconsin
yogachocolatelove
onlinecounsellingcollege
brutalpanda
astralsailor
peacepunx
inspirinquotes
witchingtime
opensourceaussie
amodernmanifesto
stopkillingourworld
the-koala-wolf
theworkingtools
when-stars-die
trashgypsy
voiceofnature
flies-of-butter
iambinarymind
lonelystarseeds
thedailydoodles
vortexanomaly
barefoot-hooping
raincoaster
djc-kay
anti-propaganda
fuckyeah-stars
elysium-continuum
child-of-the-universe
identity-anxiety
brotheridris
arnoldsnarb
merryprankster
lunarshadesofindigo
digitalmartyrs
oak-trees-willow-leaves
danceforthatanarchy
thinksquad
ofthefaeries
420hunnys
paradoxicalparadigms
bcotmedia
fyeahnorthafricanwomen
jamaicangold
chocolatemakesmecalm
stonerthings
fallintoubiquity
erisandkallisti
re-habilitate
serefsizkiz
kgthunder
anarcho-queer
joshuaduane
higginst
peace-blaster
in-lackech
mineralists
feelfreetotripballs
divine-consciousness
n0-reflections
earthofeye
illfindsleepintheendtonight
1ntr0sp3cti0n
globalconsciousevolution
eibomb
anarchyagogo
anticapitalist
icthruwalls
wickedknickers
8bitfuture
spiritrealmer
enjoyana
sruo4sow2
hippiedreamin
jai-guru-dev-ohm
starseedthoughts
deepwithinthemind
universalequalityisinevitable
gloomytreehouse
psychiccupcake
doangivadam
scienceofthespirit
wespeakfortheearth
enter-the-floyd
graffquotes
ragennolee
spacexwoods
your-maj3sty
livefreefromworry
themoonphase
maggotfarm
the-magic-hippie
motherjones
neuroticthought
themagicfarawayttree
livinthiscalilife
lastrealindians
duckduckgo
elementalmusings
trekgate
splendidspoon
respecttrees
howtobecomeavirgin
thcfinder
magicaleaf
afreesong
i-should-be-sleeping
thesubversivesound
mal3
compost-in-training
fyeahderrickjensen
destroyangels
kwikset
eirecrescent
orbooks
mrholise
unitehere
the-dank-sidee
thepoliticalnotebook
lilithlela
eeuphoric
skramamme
ikenbot
tumblslack
revjalen
brotherecho
avocadoelephant
anukkinearthwalker
sustainableprosperity
rhymeandriot
aries-fairy
bradicalmang
awakentotheuniverse
politically-controversial
chichiliki
onesmallstepformankind
dispositivo
celticsight
thegardennymph
antipress
rawlivingfoods
sidewalkexecutive
potculture
truthstream
naughtydred
anthonyjosafiend
weareallcompost
reverseobsolescence
thedailywhat
idleoctopus
newro
atari-teenage-riot
quantum-consciousness
frecklednose
blissfullybaked
idlenomore
courageheartmind
thepeoplesrecord
sustained-disgust
agritecture
you-are-another-me
flipyeah
earthschild
f4t15
thisisnotjay
d4hm3r
4humanity
billhicks
witchcounty
fuckyeahanarchistbanners
dropthedank
reconnect-restore-rewild
opheliacdreamswithyou
hosstito
zentips
garfieldminusgarfield
acidateyourbrain
itison
worldwideriot
psychonautik
astitchinthehedge
thecloudix
operationfahrenheit
dougy420
growthofthesoil
louisemcnaught
girlsandrevolts
ohtomorrow
guerrillatech
marijuanalogs
kickrockscolorado
vandalsandtrains
cleverhacks
nakedmeditation
mjdeeze
theuniverseworks
cracki11as
bitcoinnews
benandjerrys
dmoncore
fuckyeahalbuquerque
inherit-the-wasteland
whitedork
odds and ends. #thriftstorecouture T-Shirts $7.77 recycled skate in clothes you can afford to destroy. fuckfiftydollartees
Ayahuasca. A psychoactive substance use to separate soul from body, visit the gods of the...
Top
