Cryptography researchers collected millions of X.509 public-key certificates that are publicly available over the web and found what they say is a shockingly high frequency of duplicate RSA-moduli keys.
RSA Security executives have outlined the company's 2012 product strategy, focusing on mobility, anti-threat and cloud security.
Earlier this week RSA executive chairman Art Coviello revealed that following the attack that compromised RSA SecurID tokens last year, the company has been sought after by others who do not want such an incident to happen to them.
The Windows 8 feature that logs users in if they touch certain points in a photo in the right order might be fun, but it's not very good security, according to the inventor of RSA's SecurID token.
"I think it's cute," says Kenneth Weiss, who now runs a three-factor authentication business called Universal Secure Registry. "I don't think it's serious security."
While the repeated hacking of Sony's PlayStation Network service grabbed mainstream media attention this year, an even more surprising compromise was being played out with RSA's SecurID tokens, earning it a place in the Top 10 Influential list for 2011. The drama began on 18 March 2011 when security vendor RSA discovered it had been hit by an advanced persistent threat (APT) from an undisclosed nation state which took all the information stored on its SecurID tokens.
The attack that hacked RSA Security's network earlier this year succeeded because the company failed to take a basic security precaution, a researcher said Monday.
According to Rodrigo Branco, the director of Qualys' vulnerability and malware research labs, the malware targeted the decade-old Windows XP.
More than eight months after the RSA SecurID breach bombshell was dropped on the industry, security professionals still whisper among themselves at the long-term ramifications of what RSA called the extraction of "information related to the RSA SecurID product." To this day, RSA still won't confirm what exactly was stolen from its systems, but speculation has run high that the token seeds were compromised in some way.
Microsoft has integrated RSA's SecurID multiple authentication technology with Active Directory Federation Services, which lets companies extend identity data from the directory service to the cloud.
While ADFS provides user name and password services, RSA's technology goes several steps further by adding another layer of user authentication by way of a hardware or software token that generates an identifying code every 60 seconds.
The aftermath of the RSA SecurID token attack which occurred in March and led to the replacement of thousands of tokens, has continued with the revelation that customers of Australian Internet service providers, including Telstra and iiNet, may have been compromised.
This was because hackers used the same command and control techniques that infiltrated RSA to target 760 companies around the world.
October is designated as cybersecurity awareness month but, according to this month's fraud report from RSA, you'd be hard pressed to say that the message on IT security is getting across, as the firm has just thwarted its 500,000th phishing attack against one of its client's systems.
According to the report, during the month, phishing attacks rose by 45%, hitting an all-time high of 38,970 in September. The increase, says the security firm, is largely attributed to repeated attacks on a handful of large financial institutions.
The malware used to compromise RSA Security earlier this year may have been used in attacks against more than 700 other organizations, according to a report by security writer and analyst Brian Krebs.
Facebook, Google and eBay are among the 760 organizations that may have been hit by malware that used the same command and control infrastructure as the one used in the RSA breach, security writer Brian Krebs wrote on Krebs On Security on Oct. 24. Of the total list, about 20 percent are considered to be Fortune 100 companies.
