
RSA

The most secure Android phone in the world (maybe)

SAN FRANCISCO--Of all the multitudes of phones launching amid the grandeur of Barcelona this week, Motorola Solutions quietly broke champagne over one device from the back corner of a convention center here.

The Motorola AME 2000, originally announced a few weeks back, is not a phone for the average consumer. That makes sense, given that its public bow was at the RSA Conference 2013 this week, an annual confab of security nerds, experts, researchers, enterprise security vendors, and government representatives.

Motorola Solutions focuses on government and enterprise devices, and remains independent from the Google-owned Motorola Mobility. Its booth at RSA …

RSA sees 'big data' as key to corporate security (podcast)

Big data is one of the big themes at this week's annual RSA security conference in San Francisco.

That's because analyzing a company's stores of data is another step in improving information security, RSA Vice President Brian Fitzgerald said.

"Classic security defenses are no longer that effective in a world where data centers no longer have a fixed perimeter. They're connected to suppliers and to customers. Information is flowing between partners on a massive scale," he said in an audio podcast (scroll down to listen).

Analyzing a company's data allows you to "…

Why 'data breach' isn't a dirty word anymore

Three years ago one of the largest payment processors in the country reported that hackers had accessed its computer system, exposing millions of credit card numbers in what is believed to be the largest hacking-related security breach ever.

Heartland Payment Systems' CEO said at the time that the breach had occurred in 2008, but had only been discovered in January 2009. According to the DataLossDB site, the Heartland breach involved 130 million credit and debit card numbers. The company was sued by shareholders, but the suit was dismissed. Meanwhile, after pleading guilty to that hack as well as a slew …

Why the security industry never actually makes us secure

SAN FRANCISCO--Every year, security vendors gather at the RSA conference here to reaffirm their commitment to fencing out hackers and keeping data safe. And every year, corporate and government Web sites continue to fall victim to basic attacks. Heck, ubersecurity firm RSA itself was compromised not that long ago, as was digital certificate heavyweight VeriSign, even if it didn't admit it for two years.

In other words, very little changes from year to year beyond the buzzwords du jour bruited about by security vendors. "It's Groundhog Day," says Josh Corman, director of security intelligence at Akamai. …

Researcher to demo smartphone attack at RSA

A researcher plans to demonstrate an attack on a smartphone at the RSA security conference this week that starts with social engineering via a text message and leads to a malicious Web link that triggers a browser exploit and silently downloads a Trojan.

"It's a demo of a new attack vector on mobile, using a Remote Access Tool" called Nickispy, which showed up a few months ago in China, said Dmitri Alperovitch, formerly of McAfee Labs who is chief technology officer at a brand new startup called CrowdStrike. "No one has publicly demonstrated an end-to-end attack …

Researchers find flaw in key generation with popular cryptography

A group of researchers has uncovered a flaw in the way public keys are generated using the RSA algorithm for encrypting sensitive online communications and transactions.

They found that a small fraction of public keys--27,000 out of a sample of about 7 million--had not been randomly generated as they should be. This means it would be possible for someone to figure out the secret prime numbers which were used to create the public key, according to The New York Times, which reported on the research today.

The research was led by James P. Hughes, an independent cryptology expert based …

Anonymous, LulzSec spawn 'one of worst' quarters

Cyberattacks from Anonymous and LulzSec and breaches against everyone from Sony to Lockheed Martin turned the second quarter into "one of the worst on record," according to a new report from Panda Security.

Released this week, Panda's second-quarter report (PDF) examined the security landscape from April to June and highlighted a string of alarming incidents.

Pointing to the attacks by Anonymous and LulzSec against the likes of Sony, the U.S. Chamber of Commerce, the Spanish police, and several government sites, Panda said that the line between "hacktivism" and criminal behavior has gotten fuzzier.

Panda clearly questioned the methods of the new breed of hackers, saying that Anonymous calls its actions "peaceful protests," even though such actions are illegal. Also mincing no words with LulzSec, Panda said that "if you took the most irresponsible and brainless members of Anonymous and put them all together, they would be considered the most refined gentlemen compared to LulzSec."

Though LulzSec recently announced that it would be ending its attacks, the group urged other hackers to carry on the fight via operation Anti-Security, or AntiSec.…

Attacks on Sony, others show it's open hacking season

There seems to be a groundswell of hacking activity recently. From the Epsilon breach that touched dozens of major U.S. companies and their millions of customers, and RSA replacing its customers' SecurID tokens after attacks on several defense contractors to Sony sites getting pummeled by hackers on a regular basis--all within the last few months.

What's going on?

"I truly don't think there's a higher instance of hacking right now. I think there's been a wave of media coverage," said Bruce Schneier, chief security technology officer of BT and one of the most …

RSA to replace SecurID tokens following breaches

Following recent cyberattacks against several defense contractors, in which hackers breached security using stolen SecurID keys, SecurID maker RSA is promising to replace the tokens for customers concerned about the vulnerability of their network data.

In an open letter to all SecurID customers, RSA Executive Chairman Art Coviello acknowledged that the likely motive behind the March theft of SecurID token information was to obtain defense secrets and related intellectual property. RSA specifically warned customers at the time that the theft could breach their security.

In late May, defense contractor Lockheed Martin revealed that it had been attacked by intruders who …

China linked to new breaches tied to RSA

Recent attacks on three U.S. defense contractors could be tied to cyberespionage campaigns waged from China, several security experts told CNET.

The incidents at Lockheed Martin, L-3 Communications, and Northrop Grumman appear to stem from a breach at RSA in March in which data was stolen related to RSA's SecurID two-factor authentication devices--widely used by U.S. government agencies, contractors, and banks to secure remote access to sensitive networks.

Lockheed confirmed to The New York Times on Friday that hackers had used data stolen in the RSA breach and other methods to figure out the coded password of …