Topic: RSA exposure and what it means to people when the obscurity of a statement tells you nothing about what happened and why you should be very, very scared.
You could even contrast this a little with the Fukushima nuclear issues due to the lack of information coming out of there. Here’s a good blog post about it: http://steve.grc.com/2011/03/19/reverse-engineering-rsas-statement/
“Our investigation has led us to believe that the attack is in the category of an Advanced Persistent Threat (APT). Our investigation also revealed that the attack resulted in certain information being extracted from RSA’s systems. Some of that information is specifically related to RSA’s SecurID two-factor authentication products. While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers, this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack. We are very actively communicating this situation to RSA customers and providing immediate steps for them to take to strengthen their SecurID implementations.”
“The email was crafted well enough to trick one of the employees to retrieve it from their Junk mail folder, and open the attached Excel file. It was a spreadsheet titled “2011 Recruitment plan.xls”.
The spreadsheet contained a zero-day exploit that installs a backdoor through an Adobe Flash vulnerability (CVE-2011-0609). As a side note, by now Adobe has released a patch for the zero-day, so it can no longer be used to inject malware onto patched machines.”
Topic: Comodo SSL hack
I know this is starting to sound a lot like a security show, but this would have big implications for things if we are seeing a rogue CA offering certificates that don’t trip people up. The Stuxnet attack used stolen certs from a couple of Taiwan electronics manufacturers. Imagine if they could have gotten their own…
“Fake certs for Google, Yahoo, and Skype? Wow. This isn’t the first time Comodo has screwed up with certificates. The safest thing for us users to do would be to remove the Comodo root certificate from our browsers so that none of their certificates work, but we don’t have the capability to do that. The browser companies — Microsoft, Mozilla, Opera, etc. — could do that, but my guess is they won’t. The economic incentives don’t work properly. Comodo is likely to sue any browser company that takes this sort of action, and Comodo’s customers might as well. So it’s smarter for the browser companies to just ignore the issue and pass the problem to us users.”
Listeners Request 1 – From: Dominik
Message: Hello Packet Pushers,
First I'd like to thank the world-class pool of resources for the excellent shows. Really enjoying the podcasts.
We have recently heard a lot of discussions about high-end data centers and networks.
I work in the government sector and have the opposite task on my desk: to build a Low Cost Data Center.
What do you think is a good vendor and design strategy for building Datacenters with a small budget?
Things like maintenance also have to be considered. Some Vendors like HP, AVAYA…. offer free Lifetime warranty for their equipment.
I would really like to hear your opinion on building low cost data centers. Especially how you get the cheapest 10GbE support in the market.
Request 2 – Paul
Hi Packet Pushers,
Here’s a question you might like to cover sometime (preferably soon ;-) on the podcast: What are the relative advantages and disadvantages of routing in an L3 switch vs. a traditional router (say, a Juniper EX3200 vs. an MX80)? When would you always choose one, and when would you never choose it?
I’m looking to put in a pair of routing switches or routers between my campus VLANs (and possibly between them and my 100 Mbps Internet link), and I have a minimal budget. Which type of device would be a better choice from a performance and resilience perspective?
Wireless Injection Attacks
Quick side chat about Spectrum Analysis and WiSpy from Metageek
Hosts / Guests
Special thanks to Mrs Y – “The Network Princess” for joining us this week.
and last, and the very least.