Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

RSA security lapse led to March hack, says researcher

Gregg Keizer | Dec. 6, 2011
The attack that hacked RSA Security's network earlier this year succeeded because the company failed to take a basic security precaution, a researcher said today.

Microsoft implicitly agreed last spring when it said that the Excel-based attack could not have worked on PCs running Office 2010, which automatically enables DEP.

Microsoft also published a security advisory shortly after RSA confirmed the attack, telling users that they could protect their PCs by switching on DEP in older versions of Office using the Enhanced Mitigation Experience Toolkit (EMET).

Instructions for switching on DEP in Windows XP SP2 and SP3 are available on Microsoft's website.

Researchers suspect that the RSA attack originated in China , based on the location of the malware's command-and-control (C&C) servers and other evidence.

RSA did not immediately reply to a request for comment or confirmation of Branco's analysis.

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.