Slashdot Mirror


RSA Says SecurID Hack Based On Phishing With Flash 0-Day

Trailrunner7 writes "RSA confirmed on Friday that the attack that compromised the company's high-value SecurID product was essentially a small, targeted phishing campaign that included a payload of a malicious Flash object embedded in an Excel file."

1 of 153 comments

  1. Re:Thanks again ADOBE by trifish · Score: 5, Insightful

    .. for the all-present loophole known as FLUSH (and as Flash in your HQ) and also to MicroSoft for their mega-secure OLE, etc, etc

    Sad part is trying to live without Flush and MS is darned near impossible. The other massive and all-present loophole, also (hmm, note this) from ADOBE, is PDF..... they should stick to writing PhotoShop and can all the other stuff they have tried and messed up.

    You're kidding, right? The attack did not succeed because of Flash or Microsoft. It succeeded because social engineering (phishing being the kind thereof) simply works. And it will work even if the employee is running Linux without Flash. Why? Because (wait for the surprise here) -- drumrolls -- Linux has 0-day exploits too.