rsa

Fake CNN site from phishing e-mail hides a Trojan

A new e-mail that is circulating looks like it comes from CNN and links to a fake CNN Web page offering "graphic" video related to the Israel-Hamas conflict but instead hosts a Trojan that steals sensitive data, RSA said on Thursday.

When someone clicks on the video link on the fake CNN site an error message pops up urging the visitor to download the latest version of Adobe Flash Player. Clicking on the download link installs an "SSL stealer" Trojan that captures financial and other sensitive information, RSA said in a blog.

The Trojan looks for …

Taking the classical approach to security

Ari Juels' fascination with numbers is the stuff of fiction, literally.

The chief scientist and director of RSA Laboratories recently completed a novel in which the protagonist is hired by the U.S. government to counter the efforts of Pythagoreans, a Greek group that believed in the supremacy of numbers--subscribing to the notion that by mastering numbers, one could understand and control the forces of the universe.

That concept, he told ZDNet Asia during a recent visit to Singapore, had been "a little silly" until cryptography developed to a stage where "mastery of certain mathematical problems could in principle lead to considerable power over computing resources and consequently over our lives."

The book, which will be launched at the RSA Conference 2009 in San Francisco in April, was, in essence, the coming together of two of Juels' interests--computer security and classical literature. He graduated from Amherst College in 1991 with degrees in Latin Literature and Mathematics.

Thirty-eight-year-old Juels, who joined RSA in 1996, shed some light on recent RFID (radio frequency identification) issues in e-passports, identity documents, and transport-related systems, as well as how to balance security and privacy.

Q: What are you currently working on?

Juels: With the acquisition of RSA by EMC, we've turned our attention to some of the special security problems that storage systems present. In particular, we've looked at...the ability of a client to verify that a file that is stored on remote servers is still there--intact. We've been able to develop a protocol which accomplishes the seemingly paradoxical property of enabling a client to verify that a file is completely intact--that every bit is there, not a single bit has been changed--without downloading the file. In fact, the archiving service can send a very short proof--some tens of bytes--and that's enough for the client to establish that the file is completely retrievable. That's been a major area of research for us.

Q: Is there a name for this concept?

Juels: There've been several names. I guess the most recent is an acronym called HAIL, for High Availability and Integrity Layer.…

Microsoft and RSA partner on Data Loss Prevention

Microsoft and EMC's RSA on Thursday announced an expanded technology partnership around digital rights management in the enterprise.

There are two parts to the announcement, said Douglas Leland, general manager of the Identity and Security Business Group at Microsoft. One, Microsoft will build RSA's Data Loss Prevention (DLP) classification into the Microsoft IT platform and future information protection products.

The other part of the announcement, said Leland, is that RSA will in turn integrate Microsoft's Active Directory Right Management System (RMS) into its DLP product. "This makes RSA's DLP solution identity-aware."

Microsoft and …

IBM's end-to-end security play

One of the things that distinguishes security from other IT disciplines is its massive scope.

In simple terms, if you own the corporate network, you care about switches, routers, and traffic going from Point A to Point B. If you own security, you have to look up and down the old "technology stack" while keeping an eye on physical security and cross-company business processes. Little wonder why so many companies experience so many data breaches.

For years, the security industry seemed to disregard the broad scope of problems faced by enterprise organizations. Instead, even the biggest security firms …

Nuggets from RSA

After four days of endless meetings, cocktail parties, and security discussions, I had a rainy weekend in Boston to reflect on last week's RSA Conference in San Francisco. Here are some of my general impressions:

• Everyone said that they are feeling the economic pinch in their businesses with deals getting smaller and often delayed.

• Ironically, with all of the industry cost-cutting, trade shows are an absolute rip-off and this one takes the cake. Want bottled water in your booth? How about $100 for a case (i.e. 24) of 8-ounce bottles? Want a table and chairs? OK, $…

Press barred from Gore's RSA speech

When Al Gore agreed to talk at the end of the RSA 2008 conference, the 2007 Nobel Laureate stipulated in his contract with RSA that no members of the press would be allowed inside the keynote address. Many of my colleagues in the press were put out about this, and rightly so.

Fortunately, this year I was registered as a speaker at RSA 2008, so I didn't have my usual press pass (although the nice guardians at the press room door certainly didn't stop me from going inside).

Since individual attendees at RSA are allowed to blog and …

Gore's RSA talk updates 'Inconvenient Truth'

SAN FRANCISCO--Global warming is real, and new evidence shows it may be worse than we previously thought, former Vice President Al Gore said during an RSA keynote address on emerging green technologies Friday.

The talk, which ran 45 minutes and closed the conference here, updated the presentation used in his Academy Award-winning documentary An Inconvenient Truth.

Friday's talk was similar to one Gore delivered in February at the annual TED conference, but without the slides. During the speech here, the 2007 Nobel Laureate was interrupted by hecklers three times; each was removed by security.

In an arrangement with RSA, …

Malcolm Gladwell tells security folks: Don't think too much

SAN FRANCISCO--Malcolm Gladwell had a message for the hordes of security professionals attending RSA 2008 here on Thursday--too much information can impair your judgment.

That's one of the central themes in his bestselling book, Blink: The Power of Thinking Without Thinking. "The ability to show judgment, to exercise judgment is just about the most important thing any decision maker can possess," he said in his keynote address.

He then gave examples of cases in which overthinking and careful analysis have led to bad consequences.

Studies have shown, for instance, that emergency room doctors are much better at …

Avoiding the Big One. It's not all that hard

It's fashionable to dismiss trade shows as so 1998, but there's usually always something that makes it worthwhile if you look hard enough. So it was, the coolest thing I saw at the RSA 2008 conference this week was a prototype portable virtualization technology that SanDisk will begin selling in the second half of the year.

The product, developed in conjunction with Check Point, lets you copy a protected version of your apps and then plug into any client machine. When you're done, the "virtualized" version of your desktop disappears after logging out.

My hunch …

Expert says flawed e-voting systems need constant audits

Elections departments around the country have spent millions on electronic voting systems that are flawed, and officials aren't about to throw them out and start all over. The only solution is to conduct audits to verify the count after every election, a researcher and expert on electronic voting said at RSA 2008 on Thursday.

David Wagner, computer science professor at University of California, Berkeley, led a state of California-commissioned study last year of the three major electronic voting systems. The study found serious vulnerabilities in each system that would allow someone with access to just one of the machines …