EMC security division hacked; RSA products used by government, military potentially at risk

By on March 18, 2011 at 3:43 PM.

In a filing with the Securities and Exchange Commission (SEC), information management company EMC admitted that an “extremely sophisticated” attack was in progress against its computer network. Specifically targeting the company’s security division, the intruders stole confidential data related to RSA’s SecurID products. EMC acquired RSA Security in the fourth quarter of 2006 for just under $2.1 billion. RSA SecurID provides a form of two-factor authentication that implements a second layer of network security to protect against outside threats and compromised passwords — the technology is used by governments, the military, financial institutions, hospitals, and businesses around the globe. RSA declined to comment on the nature of the attack, or provide information on exactly how much data was accessed by the network intruders.

iOS, BlackBerry OS fall at Pwn2Own

By on March 11, 2011 at 11:33 PM.

Add Apple’s iOS and Research In Motion’s BlackBerry OS to the list of victims at this year’s Pwn2Own challenge. Conference veteran Charlie Miller, along with Dion Blazakis, deployed an exploit to iOS 4.2.1 through a vulnerability in Safari. By navigating to a custom-made webpage, the duo were able to execute remote code and gain access to the iOS address book. Vincenzo Iozzo, Willem Pinckaers, and Ralf Philipp Weinmann also utilized a WebKit-based vulnerability to take down a BlackBerry Torch running BlackBerry OS 6.0.0.246. The three researchers noted that the exploit used on the BlackBerry’s mobile OS was difficult to craft due to the lack of documentation, software tools, and resources available. They also noted that most of the operating system’s security was achieved via obscurity, and stated that the company was “way behind the iPhone at the moment, from a security perspective.” No conference participants have yet challenged Google’s Android or Microsoft’s Windows Phone 7 operating systems.
