Data breaches, mobile security, and two major vulnerabilities seemed to be on everyone’s mind this week.
Just as the week was winding down, RSA posted a vague letter on its Web site reporting its network had been breached by unknown attackers and that some information had been stolen. RSA knew exactly what had been stolen, but downplayed the knowledge, saying only that it had something to do with the company’s popular SecurID two-factor authentication technology.
Current guesses fall in one of the two camps, that the thieves either stole the actual source code for the two-factor authentication software and physical hardware, or the actual seed library that authenticates the token onto the network. A third, but less often mentioned option is the theft of an algorithm generated seeds, which would only impact future deployments.
Also this week, members of Congress launched a Congressional probe into HBGary‘s contracts with the federal government. The members of House Armed Services Subcommittee on Emerging Threats and Capabilities grilled military and defense officials on what kind of services the federal government received from HBGary Federal and its partners. Ever since hacktivist organization Anonymous broke into the security company’s network, stolen its e-mails and then posted them online for public consumption, a number of lawmakers have become worried about what the company was doing.
The lawmakers said it was “deeply troubling” that “tactics developed for use against terrorists may have been unleashed against American citizens.”
Many of HBGary’s plans and tactics appeared to veer on the edge of illegality, such as the plans to threaten a journalist and launch a DDOS attack to steal back data.
Even as spammers are taking advantage of the tragedy in Japan and the looming nuclear crisis there was one piece of good news from the spam front: Rustock flatlined halfway through the week. Long considered the largest spam-sending botnet in 2010, it was shut down as part of “Operation b107,” where Microsoft’s digital crimes unit worked with law enforcement to ensure the people were authentic.
Intel closed its acquisition of McAfee on Feb. 28 and chatted with Wall Street analysts on March 15 to explain, yet again, just why a chipmaker had shelled out $7.7 billion for a security software company. McAfee will be focusing on mobile security and embedded applications, the joint companies said.
Adobe also announced a zero-day exploit in Adobe Flash, Adobe Acrobat and Reader X. The company said there was only one exploit in the wild taking advantage of the zero-day bug, and it was a malicious Flash code embedded inside a spreadsheet. There were no known exploits for Acrobat or Reader and Adobe pointed out that using Acrobat and Reader X would protect users from any exploits because of its sandboxing technology.
Unfortunately, scammers took advantage of Adobe’s recommendation to upgrade to X by sending out spam and phish encouraging users to “download” version X while delivering malware.
Google noticed an increase in attacks on Microsoft Windows and Internet Explorer machines. The attacks were “highly targeted and apparently political motivated,” and the company is working with its rival to mitigate the MHTML exploit. Google said it is working with Microsoft to patch the MHTML hole to protect future activists from being attacked.