Security firm RSA attacked using Excel-Flash one-two sucker punch

It has emerged that the underlying cause of RSA's SecurID gaffe was the recently-reported zero-day vulnerability found in Adobe's Flash Player.

The exploit, which used specially-crafted Flash embedding in Excel spreadsheets, was first reported on March 15 and has since been fixed. RSA was hacked sometime in the first half of March when an employee was successfully spear phished and opened an infected spreadsheet. As soon as the spreadsheet was opened, an advanced persistent threat (APT) -- a backdoor Trojan -- called Poison Ivy was installed. From there, the attackers basically had free reign of RSA's internal network, which led to the eventual dissemination of data pertaining to RSA's two-factor authenticators.

The attack is reminiscent of the APTs used in the China vs. Google attacks from last year -- and indeed, Uri Rivner, the head of new technologies at RSA is quick to point out that that other big companies are being attacked, too: "The number of enterprises hit by APTs grows by the month; and the range of APT targets includes just about every industry. Unofficial tallies number dozens of mega corporations attacked [...] These companies deploy any imaginable combination of state-of-the-art perimeter and end-point security controls, and use all imaginable combinations of security operations and security controls. Yet still the determined attackers find their way in."

What we'd like to know, though, is whether the attack on RSA was caused by Adobe's lackadaisical approach to patching Flash -- or was it the other way around? Was it the RSA attack that first brought the zero-day vulnerability to Adobe's attention?

Security firm RSA attacked using Excel-Flash one-two sucker punch originally appeared on Download Squad on Wed, 06 Apr 2011 06:55:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

F5 NETWORKS EPICOR SOFTWARE EMULEX

Behold: Path Comes To Android In Public Beta

Well, well, well. It looks like everybody's favorite limited social networking and photo-sharing app has finally come to Android. That's right, today Path announced via its blog that Path for Android will be available in the Android Market beginning today. And sure it enough, it is. Check it out. But this is by no means a finished product. Path considers Version 1.0 of its Android app to be a public beta, using it to test the waters and learn what works and doesn't work as it ports to a new mobile OS. This maiden voyage for Android has quite a few of the familiar features that Path fans have come to enjoy, but according to Path Co-founder Dave Morin, there's much more to come.

INFORMATICA INFOCUS ZORAN

Samsung announces 32GB microSD card capable of 12MBps write speeds

Go shopping online for a microSDHC card and you'll find that while manufacturers don't hide the speed specs, they're not exactly crowing about 'em either. Make no mistake, though: Samsung is mighty proud of its new 32GB number, which boasts a class 10 speed rating and read / write rates of 24MBps and 12MBps -- ideal numbers for those of you who plan on making good use of your phone's 1080p camera. If you're a storage buff, you know that class 10 is the highest speed category for SD cards at the moment, and that it sits above classes 4 and 6 -- the tiers covering many other microSDHCs on the market. No word just yet on pricing, but we think it's safe to say you'll be dishing out a premium.

Continue reading Samsung announces 32GB microSD card capable of 12MBps write speeds

Samsung announces 32GB microSD card capable of 12MBps write speeds originally appeared on Engadget on Thu, 30 Jun 2011 12:02:00 EDT. Please see our terms for use of feeds.

Permalink   |   | Email this | Comments

VIRGIN MEDIA VIEWSONIC VERISIGN

Chess engine creator disqualified for cheating, forgot to say thank you

That familiar death-knell typically confined to Bobby Fischer's favorite pastime is taking a very real step outside the chessboard to corner one of its own. In a sweeping decision from the International Computer Games Association (ICGA), chess engine Rybka -- four-time World Computer Chess Championship winner -- and its creator, Vasik Rajlich, have been banned for life from chess' nerd World Cup for the uncredited use of competitor code. Reacting to controversy that the now-deposed winner owed its upper hand to rival engine Fruit's open-source roots, the ICGA assembled a 34-person panel and reverse engineered its way to a guilty sentence. Adding more insult to title-stripping injury, the gaming association has also demanded Rajlich (pictured above) return all trophies and prize money. It's a disheartening turn of events in the otherwise exciting man vs. machine board game battle that could have been easily avoided with a public 'please' and 'thank you.' Checkmate!

Chess engine creator disqualified for cheating, forgot to say thank you originally appeared on Engadget on Thu, 30 Jun 2011 21:16:00 EDT. Please see our terms for use of feeds.

Permalink Extreme Tech  |  Chess Vibes  | Email this | Comments

VISHAY INTERTECHNOLOGY VIRGIN MEDIA VIEWSONIC

ChillBed Laptop Cooling Stand Review

One of the problems with laptops is their tendency to overheat, which can damage internal components.� Their small size doesn?t allow a lot of venting nor big cooling fans to keep down heat.� And their portability often means that people are using them places that can block the cooling vents ? like on laps or [...]

NETGEAR NCR NATIONAL SEMICONDUCTOR

Dodge is a space-shooter in which you have no weapons

Space-shooters are usually a fairly fiery affair, with many types of guns, weapon upgrades, power-ups and more. Dodge does away with all of that, while keeping the very essence of a space shooter: Dark background, fast action, and stuff blowing up all over the place.

Your vector-looking spacecraft is the fastest thing on the screen, most of the time. And as the header implies, you have absolutely no weapons; you can't get any, either. All you have is agility and maneuverability.

Your opponents shoot heat-seeking missiles at you; the missiles lock on and start tracking you. The trick is to dodge the missiles while putting them in the path of one of your enemies, thus letting them have a taste of their own medicine.

There are three types of enemies, at least in the first few levels: "simple" spaceships which fire slow projectiles, "tanks" which seem to be more serious and take more hits to destroy, and "circles." The circles simply explode, spewing twenty or thirty very fast projectiles. This sounds dangerous, but is actually great once you learn to use them; they are very destructive for tanks, and can even blow up other circles.

The soundtrack is very techno, but it meshes very well with this type of game. Intense fun!

Dodge is a space-shooter in which you have no weapons originally appeared on Download Squad on Tue, 01 Mar 2011 17:30:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

QUANTUM QLOGIC PROGRESS SOFTWARE

Windows 8 wallpaper available to download, Jupiter and Twin UI spotted

With Windows 8 milestone 3 now up for grabs for select Microsoft Connect partners, it's inevitable that leaked bits and pieces will start popping up around the Web. In fact, the first "official" wallpaper image from the still-brewing OS is already making the rounds.

As you can see, it's got a similar feel to the good ol' Windows 7 default background, but features a more subdued smattering of cerulean hues. Those of you who want to use the Windows 8 wallpaper on your current desktop can download it from our file dump.

A few other details have been revealed, too. According to ZDNet's source, the Windows 8 Jupiter libraries and Twin UI are starting to take shape -- though all that's been located thus far are "[various files] scattered throughout the OS" and the aptly-named twinui.dll.

Windows 8 wallpaper available to download, Jupiter and Twin UI spotted originally appeared on Download Squad on Thu, 31 Mar 2011 10:45:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

AUTODESK AUTOMATIC DATA PROCESSING AVNET

LINK Grips Make Tongs Out of ANYTHING [Tools]

If MacGuyver could take down an international crime syndicate with a paper clip, two pieces of chewing gum and yesterday's issue of USA Today, imagine what he could do with these LINK grips that make one-handed tongs out of just about anything. More »

TEXAS INSTRUMENTS TERADATA TELETECH HOLDINGS

Mac OS X Lion Available in July from Mac App Store

Apple today announced that Mac OS X Lion ? the eighth major release of the world?s most advanced desktop operating system ? will be available to customers in July as a download from the Mac App Store for $ 29.99. OS X Lion offers more than 250 new features, including Multi-Touch gestures; systemwide support for [...]

SYNNEX SYMANTEC SYKES ENTERPRISES INORATED

Google's Looking Real Nice Right Now [Google+]

Holy crap, who let the designer out their cages at Google? The same day they launched the massive Google+ project, Google went around and prettied up all kinds of rough edges. Just take a look. More »

APPLIED MATERIALS ARIAN SEMICONDUCTOR EQUIPMENT ARROW ELECTRONICS

Internet Censorship Storm Is Coming, Warns Schmidt

Google Executive Chairman Eric Schmidt foresees more troublesome days ahead between the search engine giant and the governments of the world. Censorship is on the rise around the globe, he said Monday, at a Dublin summit on militant violence. It will step up considerably in the wake of the "Arab Spring" of 2011, Schmidt warned, which resulted in the overthrow of governments in Tunisia and Egypt.

EMS TECHNOLOGIES EMC ELECTRONICS FOR IMAGING

The Tech Inside Apple?s $50 Thunderbolt Cable

By Chris Foresman, Ars Technica
The first Thunderbolt compatible peripherals — Promise’s�Pegasus RAIDs — started shipping�on Tuesday. Using the RAIDs with a Thunderbolt equipped Mac, though, requires a rather expensive $50 cable that is�only available from Apple. We dug into the design of the cable to find out why Apple felt justified in charging $50 for [...]

NOKIA NVIDIA ORACLE

The New Google Calendar Sure Is Purty [Desired]

It may be too soon to tell quite how you feel about Google+, but let me tell you right now: the new Google Calendar look is love at first sight. Clean, smooth, sparse—it's everything we've every loved about Google's UI, coming out just at a time when the rest of its properties get more cluttered by the day. More »

SEAGATE TECHNOLOGY SCIENTIFIC GAMES SANDISK

As Google+ Invites Are Locked Down Here Are Some Work-arounds

Here in Europe we woke up to find Google had shut down the invitation process to Google +. So after a bit of testing I've found out the following how to bring your friends in to it while Google has a lock-down on the service. If you have an invite to join Google+, right click on the invite link you were sent on email and save the URL. Paste that URL to Twitter or Facebook or email it to some friends. With any luck some of them will get in via that link. I tried this by Tweeting my own invite link, and magically a few people managed to get an invite of their own. Most did not however, so this is not a full proof work-around. It seems to work if people waited a couple of minutes or refreshed the page after a minute. The better, more guaranteed hack is one or both of the following.

SALESFORCE COM SAIC ROCKWELL AUTOMATION

Johan's Ark Prepares For Its Maiden Voyage [Design]

Dutchman Johan Huibers decided to build an ark. Not a Lego or popsicle stick model, but a real-life replica of Noah's Ark built to scale. He began his work in 2008 and recently finished this $1 million project. More »

PALM OSI SYSTEMS ORACLE