Friday, April 15, 2011

RSA security breach: the new age of "Ueber breaches"

RSA, a trusted name in the security industry, had a major security breach. Just as a giant can die from a virus that is a billion times smaller, RSA was taught a lesson about human weaknesses.

According to articles in the press, a worker at RSA decided to retrieve an email from the spam folder that contained an Excel attachment. When the individual opened the spreadsheet, an embedded Flash file executed and ran an exploit against Adobe's Flash Player, which in the recent past had several vulnerabilities with "zero-day" exploits available. This allowed the attackers to install a backdoor and work their way through RSA's systems and network.

Security experts are now convinced that RSA had the "seeds" of their security tokens exposed. So far RSA has neither denied nor confirmed this scenario. The seeds allow an attacker to calculate the security code that RSA's hardware tokens display and use for two-factor authentication.
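Why an exposed seed matters, as an added example (not code from this post or from RSA): SecurID's algorithm is proprietary, so this sketch uses the public RFC 6238 TOTP scheme as a stand-in, with the RFC's test seed and a constructed serial, timestamp and replacement seed. It shows that the verifier cannot tell the token apart from any other holder of the seed, and that enrolling a new seed is what invalidates the copy.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per code (RFC 6238 default)


def totp(seed: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1: the code depends only on seed and time."""
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class Verifier:
    """Server side: one seed per token serial, codes checked against it."""

    def __init__(self):
        self.seeds = {}

    def enroll(self, serial: str, seed: bytes) -> None:
        self.seeds[serial] = seed

    def check(self, serial: str, code: str, unix_time: int, drift: int = 1) -> bool:
        seed = self.seeds.get(serial)
        if seed is None:
            return False
        # Accept the current step and +/- drift steps to tolerate clock skew.
        for delta in range(-drift, drift + 1):
            expected = totp(seed, unix_time + delta * STEP)
            if hmac.compare_digest(expected, code):
                return True
        return False


def demo():
    now = 1302825600  # constructed timestamp: 15 April 2011 00:00:00 UTC
    old_seed = b"12345678901234567890"  # RFC 6238 test seed, not a real token seed
    server = Verifier()
    server.enroll("TOKEN-0001", old_seed)  # constructed serial
    code_from_copy = totp(bytes(old_seed), now)  # computed from a copy of the seed
    before = server.check("TOKEN-0001", code_from_copy, now)
    # Mitigation: replace the token, i.e. enroll a new seed (constructed; random in practice).
    server.enroll("TOKEN-0001", b"constructed-replacement-seed")
    after = server.check("TOKEN-0001", code_from_copy, now)
    return before, after
```

`demo()` returns `(True, False)`: the code computed from the copied seed is accepted until the seed is replaced.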

The magnitude of this security breach is yet to be understood, since the token business is one of RSA's key businesses. Thousands of customers around the globe have been using RSA's solution.

Such an "Ueber Breach" is the first one of its kind but for sure not the last one. In our information-rich society, where companies are competing to gather more and more information about individuals, we will see more and more such security breaches. Cloud technology is another factor that could accelerate the rate of security breaches of that magnitude.

Read RSA's press release

1SSA - Security Consulting, Training and Products

Epsilon security breaches

I received at least four notifications from various companies that have my personal information, notifying me that my email address and potentially other information had been exposed to an unauthorized third party as a result of a security breach at their marketing partner, Epsilon. All had the same format and verbiage, telling me that Epsilon legal was potentially the source of the text.

This breach might have some people ask themselves: why would someone steal email addresses? This breach seems to be just the first step in a much larger scheme. Back in 2008, PWC's job web site was breached and thousands of email addresses and passwords were stolen. Initially nobody could understand why someone would go after such a site, until cases of PayPal attacks surfaced and were connected to the PWC case. The individuals who had gained access to the emails and passwords were using them to access sites like PayPal, exploiting the fact that we all like to re-use passwords.

Read the official Epsilon press release
