Jun 8, 2011

RSA SecurID tokens compromised



The EMC Corp. unit openly acknowledged for the first time that intruders had breached its 
security systems at defense contractor Lockheed Martin Corp. using data stolen from RSA.


What is a Secure ID token ?


SecurID tokens are used in two-factor authentication systems. Each user account is linked to a token, and each token generates a pseudo-random number that changes periodically, typically every 30 or 60 seconds. To log in, the user enters a username, password, and the number shown on their token. The authentication server knows what number a particular token should be showing, and so uses this number to prove that the user is in possession of their token.

RSA Security will replace virtually every one of the 40 million SecurID tokens currently in use as a result of the hacking attack the company disclosed back in March. The EMC subsidiary issued a letter to customers acknowledging that SecurID failed to protect defense contractor Lockheed Martin, which last month reported a hack attempt.



This admission puts paid to RSA's initial claims that the hack would not allow any "direct attack" on SecurID tokens; wholesale replacement of the tokens can only mean that the tokens currently in the wild do not offer the security that they are supposed to. Sources close to RSA tell Ars that the March breach did indeed result in seeds being compromised. The algorithm is already public knowledge.
As a result, SecurID offered no defense against the hackers that broke into RSA in March. For those hackers, SecurID was rendered equivalent to basic password authentication, with all the vulnerability to keyloggers and password reuse that entails.
RSA Security Chairman Art Coviello said that the reason RSA had not disclosed the full extent of the vulnerability because doing so would have revealed to the hackers how to perform further attacks. RSA's customers might question this reasoning; the Lockheed Martin incident suggests that the RSA hackers knew what to do anyway—failing to properly disclose the true nature of the attack served only to mislead RSA's customers about the risks they faced.
RSA is working with other customers believed to have been attacked as a result of the SecurID compromise, though it has not named any. Defense contractors Northrop Grumman and L-3 Communications are both rumored to have faced similar attacks, with claims that Northrop suspended all remote access to its network last week.

Facebook facial recognition technology : A controversy



"We should've been more clear" on face-scanning tech :Facebook


Facebook applied its new facial recognition technology to users' accounts without notifying them

This social networking site also posted an updated blog post explaining that its Tag Suggestions function had been switched on by default for the majority of its users.

It seems as if Facebook's problems with security are never-ending. New social networking features roll out and appear to cross the line almost every time, and now, Facebook users are expressing concern for its new facial recognition technology.

Facial recognition technology can be found in different programs, such as Apple's iPhoto and Google's Picasa. But the facial recognition feature can be turned off, giving users the option to use it or not. Unfortunately, this is not the case with Facebook's facial recognition feature.

Facebook announced the release of the facial recognition feature back in December, saying it would speed up the process of tagging friends in photos. Facebook also noted that it would only be released in theUnited States, but in an email statement yesterday, Facebook admitted that the technology had become available to users internationally without telling them about it.

"We should have been more clear with people during the roll-out process when this became available to them," said Facebook in an email statement.

The Facebook response also added that photo-tagging suggestions using the facial recognition technology were only offered when new photos were uploaded to Facebook, and it only suggested friends. In addition, the message mentioned that the feature can be disabled in a user's privacy settings.

But it's difficult to turn these settings off when people do not know they even have the feature.

This new feature presents privacy problems because Facebook has over 500 million users, and applying this technology unknowingly could raise questions about whether certain personally identifiable information would become associated with the photos within the database.

"Yet again, it feels like Facebook is eroding the online privacy of its users by stealth," said Graham Cluley, a senior technology consultant at Sophos.


Nintendo will launch its new Wii console in 2012




Nintendo Unveild its new Wii console and will launch it in 2012


Gaming giant Nintendo has been showing off its next-generation Wii game console, at the E3 games show in Los Angeles.
The much-anticipated console, dubbed Wii U, comes with a controller that features a touchscreen and camera.
The original Wii console was hugely popular but Nintendo has faced pressure from rivals with similar devices.
Nintendo hopes the new console will create a new genre of gaming.
Wii U will feature a set-top box similar to the first generation console.
But the 6.2-inch touchscreen controller comes with a front-facing camera as well as the more traditional buttons of a Wii remote and a motion detector.
It will broadcast high-definition video and can be used to make video calls and browse the web.

Privacy In demos, the Japanese gaming giant showed off some of the things the controller will allow - including offering users a private screen to view gameplay information that is not shared on the big screen.
It will also allow users of games such as Wii Fit to weigh themselves and get a read-out via the controller rather than the TV.
Users can also swap game play between the big screen and the controller, for instance if someone else wants to watch TV.

Wii U is "an interesting new concept" thinks Dan Pearson, a staff writer at Gamesindustry.biz.
"It is a hybrid between a handheld with elements of tablet design but also has all the traditional controller elements," he said.
"Initially people may be confused by the controller but so were they when the first Wii was unveiled," he said.
Nintendo was also keen to show off the processing power of the new console.
"Nintendo has been under fire for chasing casual gamers and it is good to see them trying to win back core gamers," said Mr Pearson.
Wii U will work with older games and controllers and will be available from spring 2012.

There was no indication of the price of the new console.

Web giants to trial new IPv6 system for one day


And finally its here !
The biggest ever test of the internet's new address system is taking place.
Google, Yahoo, Microsoft Bing and Facebook are among the companies switching-on IPv6 versions of their websites for the one day trial.
The technology is gradually being introduced because the world is running out of older IPv4 addresses as more devices come online.
Companies and home users may need new networking equipment, however the transition is likely to take years.
World IPv6 day is partly a technical exercise by internet companies to see how the technology works, and partly an awareness-raising initiative.
For the small percentage of users already set up to access IPv6, they will be able to connect through the usual URLs - such as Google.com or Yahoo.com.
Behind the scenes, their browsers will be pointed to the new, much longer IP address.
New equipment Groups involved in IPv6 day say that everyone will have to make the change eventually, but users should not worry at this stage if they are not switched over.

Comments system

Disqus Shortname