Slashdot Mirror

← Back to Stories (view on slashdot.org)

RSA Says SecurID Hack Based On Phishing With Flash 0-Day

Posted by timothy on from the not-straight-but-chaser dept.

Trailrunner7 writes "RSA confirmed on Friday that the attack that compromised the company's high-value SecurID product was essentially a small, targeted phishing campaign that included a payload of a malicious Flash object embedded in an Excel file."

3 of 153 comments (clear)

  1. Wait wait hold up by atari2600a · · Score: 5, Interesting

    You can embed flash in excel files!? WHY WOULD YOU DO THAT

  2. Simple question: securid seeds? by rtfa-troll · · Score: 5, Interesting
    Dear RSA; speaking as a customer; we need a simple answer to the question:

    has the securid seeds database been compromised?

    anything else you announce is fluff.

    --
    =~ s,(.*),<sarcasm>$1</sarcasm>,g if any_point_you_wish();
    1. Re:Simple question: securid seeds? by rtfa-troll · · Score: 5, Interesting

      And just to amplify this with a bit of Wikipedia manipulation; have a look at this edit which comes from 128-221-197-57.emc.com, Where EMC is RSA's parent company, which I found from this article which also includes an RSA letter which they are supposedly sending out to customers.

      Full disclosure to all affected users; it shouldn't be a matter of dispute. It should be the law.

      --
      =~ s,(.*),<sarcasm>$1</sarcasm>,g if any_point_you_wish();