Feeds

Internet security firm RSA's Web site hacked

We feel safer already

  • alert
  • submit to reddit

Intelligent flash storage arrays

RSA Security has suffered the embarrassment of having its home page "defaced" by an intruder. The original defaced page can be found http://www.2600.com/hacked_pages/2000/02/www.rsa.com Now it get's complicated: there is a second defaced RSA home page, in which the company's site appears to be "owned" by the an intruder. This is a plain white page bearing a simple message. However, the IP address of RSA.com (205.181.76.22) and the IP address of the second "hacked" page (200.24.19.252) -- are not the same. The hacked page, a computer security firm employee writes, is on a "computer in the University of Antigua - (http://bachue.udea.edu.co). So what happened? One theory put forward by a very knowledgeable reader is that "the nameserver was hacked and the www.rsa.com IP forwarded to another hacked box which was used to host the defaced page. This box must have been hacked again, by someone else and a new page put up". The Register found the following text on the new defaced page (we've deleted part of the phone number for obvious reasons), "Wat up whats up to all my nigs ya know who ya are n #2600 and whats up all my #sesame nigs and call rigger if ya come here bc he is the gayest fuck ;) 718-815-**** all chans are on a irc server lol -tek pBK > * also irc.segments.org ;)" For those not fluent in h4x0r dialect, the gentleman or lady who hacked the RSA page wishes to offer warm salutations to all of his or her colleagues from the IRC channels #2600 and #sesame, and further invites all concerned to place nuisance phone calls to a gentleman or lady known as rigger ( a notorious hacker, apparently) , either as a friendly prank, or for malicious purposes. The overall tone suggests the former is intended. Additionally, we note that "nigs" should not be construed to express any racist sentiments, but is best understood as a term of fraternal affection along lines expressed by the familiar "homies". In the interests of investigative journalism we visited the #2600 and #sesame channels on irc.segments.org, following the message's reference to that network, but found ourselves alone with a bot which advised us, "Welcome to #2600 sit down and shuddup or fear a nice /kill or /kline." A subsequent visit to the same two channels on the more h4x0r-friendly efnet.org yielded the expected result, two rooms chock full of quiet, paranoid hackers and eager, chatty wannabes. No one volunteered any information which The Register felt was up to its impeccable standards of journalistic dependability, so we must refrain from passing along speculation proffered by anonymous strangers. The hack follows closely on the heels of RSA's boastful announcement last week that it was developing some new magic bullet to thwart DDoS attacks. The idea behind it is clever, we must allow: a cryptographic technique using so-called "client puzzles" which would accompany connection requests. "During an attack, legitimate clients would experience only a small degradation in connection time, while the attacking party would require vast computational resources to sustain an interruption of service. As a result, the subsequent burden of numerous requests placed back on the attacking party would severely limit its ability to continue the attack," RSA says. Of course the selection of RSA's home page for a graffiti attack could be a mere coincidence, or it could be a reply from the hacking underground meant to remind the company, and the rest of us by extension, that, all boasting aside, if you are connected to the Internet, you can be hacked, one way or another. A worthwhile reminder for all of us, we must add. ®

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
WHY did Sunday Mirror stoop to slurping selfies for smut sting?
Tabloid splashes, MP resigns - but there's a BIG copyright issue here
Spies, avert eyes! Tim Berners-Lee demands a UK digital bill of rights
Lobbies tetchy MPs 'to end indiscriminate online surveillance'
How the FLAC do I tell MP3s from lossless audio?
Can you hear the difference? Can anyone?
Inequality increasing? BOLLOCKS! You heard me: 'Screw the 1%'
There's morality and then there's economics ...
Google hits back at 'Dear Rupert' over search dominance claims
Choc Factory sniffs: 'We're not pirate-lovers - also, you publish The Sun'
EU to accuse Ireland of giving Apple an overly peachy tax deal – report
Probe expected to say single-digit rate was unlawful
While you queued for an iPhone 6, Apple's Cook sold shares worth $35m
Right before the stock took a 3.8% dive amid bent and broken mobe drama
prev story

Whitepapers

A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.