List of Companies hit during the RSA Breach Released

The March breach of Security vendor RSA made headline news, but up to 760 other organizations were also hit at the same time according to a news report from Krebs on Security:

“The information suggests that more than 760 other organizations had networks that were compromised with some of the same resources used to hit RSA. Almost 20 percent of the current Fortune 100 companies are on this list.”

The list includes a who’s who of government, technology and financial institutions. AT&T, Cisco-EU, Ebay, European Space Agency, Facebook, IBM, Intel, the IRS, Microsoft, Novell, Seagate, VMWare, Wells Fargo, Yahoo and hundreds of others.

The article also shows a breakdown of the location of the Command and Control (C&C) servers used in the attack. The majority of the servers were located in China (299), some of the other locations that are interesting are South Korea, Pakistan and Brazil.

So how did the attackers infiltrate some of the top technology organizations of the world?

According to f-secure it all started from a spoofed e-mail from an employment agency.  Employees of RSA’s parent company EMC received a targeted e-mail entitled, “2011 Recruitment plan“. The e-mail included an infected XLS spreadsheet that when opened installed the Poison Ivy backdoor program.

The e-mail simply stated, “I forward this file to you for review. Please open and view it“…

Advertisements

3D Printing – Creating working Tools out of Toner Powder

This changes everything…

Okay, it’s not “toner powder” but this is the most amazing 3D printer that I have ever seen. ZCorp’s new printer creates complex color 3D objects out of powder binder.

If you haven’t seen what can be done with 3D printers, then you have to watch this.

SecurityTube Wi-Fi Security Expert Certification (SWSE)

My friend Vivek, Wi-Fi security guru and author of “Backtrack 5 Wireless Penetration Testing“, has created the SWSE certification program:

The SecurityTube Wi-Fi Security Expert (SWSE) is an online certification for Wi-Fi Security and Penetration Testing. This course is ideal for penetration testers, security enthusiasts and network administrators. The course leading to the certification exam is entirely practical and hands-on in nature. The final certification exam is fully practical as well and tests the student’s ability to think out of the box and is based on the application of knowledge in practical real life scenarios.

Vivek offers the training section of the program for free on his website “SecurityTube.net“. Over 12 hours of hands on training, starting from the very basics and moving on to advanced Wireless security techniques. You will use the Backtrack penetration testing platform and several of the tools that come with it. Then when you are ready, take the exam, where you will put the skills you have learned into practice and actually pen test a wireless network. The Certification Exam is $250.

Great training at a great price, check it out!