NSA Chief Exhorts Tech Industry to Join Effort to Bolster Security
Today's topics include the National Security Agency director's plea for the tech industry to partner with it on security, Snapchat's disclosure that a data breach occurred because a fake CEO phishing email fooled a worker, how a new vulnerability is affecting the Secure Sockets Layer protocol and EMC's transition from hard-disk storage to new flash arrays.
U.S. Navy Admiral Michael S. Rogers, commander of the U.S. Cyber Command and director of the National Security Agency, took the stage at the RSA Conference in San Francisco on March 1 to say he wants to work with the technology industry to help defend both the security and privacy of Americans.
In an effort to improve security, Rogers said Cyber Command is looking at how data is stored, especially now that data is a commodity of interest to many who want to steal it.
Online fraudsters managed to fool an employee of photo-chat service Snapchat, convincing the unnamed worker to send information on several current and former employees to the attackers, the company said in a statement on Feb. 29.
Three days prior, an employee received an email sent to Snapchat's payroll department requesting financial information on an undisclosed number of employees.
The worker responded to the email and "payroll information about some current and former employees was disclosed externally," the company stated.
DROWN, which stands for "Decrypting RSA with Obsolete and Weakened eNcryption," is a newly disclosed vulnerability that could be exposing millions of sites to risk today.
The DROWN attack is a vulnerability that can enable an attacker to decrypt intercepted Transport Layer Security links by abusing connection to a Secure Sockets Layer Version 2 server that uses the same private key.
However, the DROWN attack is specific to the legacy SSL Version 2 protocol, and the impact of the flaw is not nearly as widespread as the Heartbleed SSL flaw that was discovered in April 2014.
EMC is in the process of being bought by Dell, but that hasn't discouraged it from introducing new data storage products.
On Feb. 29, EMC unveiled a new heavy-duty all-NAND flash array, a re-engineered VMAX all-flash array and new software for mainframes at the SHARE 2016 conference in San Antonio, Texas. The new flash products are a sign that EMC is saying good-bye to hard-disk drives.