RSA security lapse led to March hack, says researcher

The attack that hacked RSA Security's network earlier this year succeeded because the company failed to take a basic security precaution, a researcher said Monday.

According to Rodrigo Branco, the director of Qualys' vulnerability and malware research labs, the malware targeted the decade-old Windows XP.

"The feeling is the target[ed PC] was running Windows XP SP3 ... with all the patches," said Branco in emailed answers to questions. The problem, said Branco, is that while Windows XP includes the DEP (data execution prevention) defensive technology -- Microsoft added DEP to XP in 2004 with Service Pack 2 -- it's not switched on by default. And RSA apparently neglected to turn it on.