Feeds

Internet security firm RSA's Web site hacked

We feel safer already

  • alert
  • submit to reddit

Mobile application security vulnerability report

RSA Security has suffered the embarrassment of having its home page "defaced" by an intruder. The original defaced page can be found http://www.2600.com/hacked_pages/2000/02/www.rsa.com Now it get's complicated: there is a second defaced RSA home page, in which the company's site appears to be "owned" by the an intruder. This is a plain white page bearing a simple message. However, the IP address of RSA.com (205.181.76.22) and the IP address of the second "hacked" page (200.24.19.252) -- are not the same. The hacked page, a computer security firm employee writes, is on a "computer in the University of Antigua - (http://bachue.udea.edu.co). So what happened? One theory put forward by a very knowledgeable reader is that "the nameserver was hacked and the www.rsa.com IP forwarded to another hacked box which was used to host the defaced page. This box must have been hacked again, by someone else and a new page put up". The Register found the following text on the new defaced page (we've deleted part of the phone number for obvious reasons), "Wat up whats up to all my nigs ya know who ya are n #2600 and whats up all my #sesame nigs and call rigger if ya come here bc he is the gayest fuck ;) 718-815-**** all chans are on a irc server lol -tek pBK > * also irc.segments.org ;)" For those not fluent in h4x0r dialect, the gentleman or lady who hacked the RSA page wishes to offer warm salutations to all of his or her colleagues from the IRC channels #2600 and #sesame, and further invites all concerned to place nuisance phone calls to a gentleman or lady known as rigger ( a notorious hacker, apparently) , either as a friendly prank, or for malicious purposes. The overall tone suggests the former is intended. Additionally, we note that "nigs" should not be construed to express any racist sentiments, but is best understood as a term of fraternal affection along lines expressed by the familiar "homies". In the interests of investigative journalism we visited the #2600 and #sesame channels on irc.segments.org, following the message's reference to that network, but found ourselves alone with a bot which advised us, "Welcome to #2600 sit down and shuddup or fear a nice /kill or /kline." A subsequent visit to the same two channels on the more h4x0r-friendly efnet.org yielded the expected result, two rooms chock full of quiet, paranoid hackers and eager, chatty wannabes. No one volunteered any information which The Register felt was up to its impeccable standards of journalistic dependability, so we must refrain from passing along speculation proffered by anonymous strangers. The hack follows closely on the heels of RSA's boastful announcement last week that it was developing some new magic bullet to thwart DDoS attacks. The idea behind it is clever, we must allow: a cryptographic technique using so-called "client puzzles" which would accompany connection requests. "During an attack, legitimate clients would experience only a small degradation in connection time, while the attacking party would require vast computational resources to sustain an interruption of service. As a result, the subsequent burden of numerous requests placed back on the attacking party would severely limit its ability to continue the attack," RSA says. Of course the selection of RSA's home page for a graffiti attack could be a mere coincidence, or it could be a reply from the hacking underground meant to remind the company, and the rest of us by extension, that, all boasting aside, if you are connected to the Internet, you can be hacked, one way or another. A worthwhile reminder for all of us, we must add. ®

The Power of One Brief: Top reasons to choose HP BladeSystem

More from The Register

next story
BBC goes offline in MASSIVE COCKUP: Stephen Fry partly muzzled
Auntie tight-lipped as major outage rolls on
iPad? More like iFAD: We reveal why Apple fell into IBM's arms
But never fear fanbois, you're still lapping up iPhones, Macs
Stick a 4K in them: Super high-res TVs are DONE
4,000 pixels is niche now... Don't say we didn't warn you
Amazon Reveals One Weird Trick: A Loss On Almost $20bn In Sales
Investors really hate it: Share price plunge as growth SLOWS in key AWS division
Bose says today is F*** With Dre Day: Beats sued in patent battle
Music gear giant seeks some of that sweet, sweet Apple pie
There's NOTHING on TV in Europe – American video DOMINATES
Even France's mega subsidies don't stop US content onslaught
You! Pirate! Stop pirating, or we shall admonish you politely. Repeatedly, if necessary
And we shall go about telling people you smell. No, not really
Too many IT conferences to cover? MICROSOFT to the RESCUE!
Yet more word of cuts emerges from Redmond
Chips are down at Broadcom: Thousands of workers laid off
Cellphone baseband device biz shuttered
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.