[ISN] RSA security lapse led to March hack, says researcher

From: InfoSec News <alerts_at_private>
Date: Tue, 6 Dec 2011 04:54:03 -0600 (CST)
http://www.computerworld.com/s/article/9222422/RSA_security_lapse_led_to_March_hack_says_researcher

By Gregg Keizer
Computerworld
December 5, 2011

The attack that hacked RSA Security's network earlier this year 
succeeded because the company failed to take a basic security 
precaution, a researcher said Monday.

According to Rodrigo Branco, the director of Qualys' vulnerability and 
malware research labs, the malware targeted the decade-old Windows XP.

"The feeling is the target[ed PC] was running Windows XP SP3 ... with 
all the patches," said Branco in emailed answers to questions.

The problem, said Branco, is that while Windows XP includes the DEP 
(data execution prevention) defensive technology -- Microsoft added DEP 
to XP in 2004 with Service Pack 2 -- it's not switched on by default.

And RSA apparently neglected to turn it on.

[...]


Received on Tue Dec 06 2011 - 02:54:03 PST
