Stories about: RSA

A botnet that was crippled by Microsoft and Kaspersky Lab last September is spamming once again and experts have no recourse to stop it.

Much outrage has been expressed about Google's new privacy policy. People are acting as if they are shocked that Google would consolidate the personal information it gathers from its customers through all of its varied services. What is shocking to me is that none of these people, including members of Congress, seemed to see it coming.

It was another busy week for hactivists attacking the online targets of their ire. This time, hackers under the banner AntiSec appeared to have hacked the website of OnGuardOnline.gov, the U.S. government's online security website, in protest against the much-railed-against legislation Stop Online Piracy Act (SOPA) as well as other bills regarding intellectual protection. Similarly, the group Anonymous is believed to be behind the distributed denial-of-service attack on Thursday that brought down the European Parliament's website in what is thought to be retaliation for European support for the shutdown of the Megaupload file-sharing site the week before. Anonymous also opposes a treaty being ratified in Europe now called the Anti-Counterfeiting Trade Agreement. That deals with infringement of intellectual property rights.

Encryption keys on smartphones can be stolen via a technique using radio waves, says one of the world's foremost crypto experts, Paul Kocher, whose firm Cryptography Research will demonstrate the hacking stunt with several types of smartphones at the upcoming RSA Conference in San Francisco next month.

This group of security companies includes several that want to capitalize on technology ideas that were originally devised to serve communities of special interest but could now take on a wider cybersecurity role. Fixmo, for example, has its roots in the National Security Agency where its mobile security makes it possible to run critical applications in sandboxes that are insulated from the rest of the machine, making them less likely to fall victim to malware that might have infected the device.

Symantec this week took the highly unusual step of telling users of its pcAnywhere remote access software to disable or uninstall the software while it fixes an unknown number of bugs.

We recently deployed RSA SecurID software authentication tokens to replace the hardware tokens we had been using to provide strong authentication for remote access via a VPN client. Hardware tokens are more secure for two-factor authentication in some ways (but not in every way, as you'll see), but the software tokens can be used on mobile devices such as phones; they are much less expensive; and they can be deployed more quickly and easily. What's more, when a user no longer needs access, it's much simpler to disable a software token than it is to retrieve a hardware token from somewhere like China, Russia or India.

Angered by the move by federal authorities to shut down the popular website Megaupload on charges it illegally shared movies, TV shows and e-books, hackers said to be working on behalf of the hactivist group Anonymous late yesterday launched denial-of-service attacks against a number of websites, including that of the Department of Justice (DOJ) and the Recording Industry Association of America (RIAA).

Beyond addressing details about its big breach of 2011, RSA Security executives this week outlined its 2012 product strategy that is centered on three areas, mobility, anti-threat and cloud security.

Last April's RSA security breach was engineered by a nation-state whose ultimate goal was not to steal secrets about SecurID tokens but rather to use those secrets to compromise U.S. military contractors that protected their networks with the devices, RSA officials say.