<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content="text/html; charset=iso-8859-1" http-equiv=Content-Type>
<META name=GENERATOR content="MSHTML 8.00.6001.19019">
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT size=2>
<H1 class=print-title>Hackers step up attacks on security firms</H1>
<DIV class=print-submitted>By InfoWorld Tech Watch</DIV>
<DIV class=print-created>Created <EM>2011-03-25 11:29AM</EM></DIV>
<P></P>
<DIV style="FLOAT: right; MARGIN-LEFT: 10px">
<DIV class="imu module">
<DIV class=imuCover></DIV></DIV></DIV>
<DIV class=print-content>
<P>The Internet's security infrastructure is under attack. Two major incidents
against Comodo and RSA have raised the question of not just whether the
enterprise can withstand hacker attacks but if the security firms we all count
on to guard the infrastructure can protect themselves.</P>
<P>Earlier this week, Internet security firm Comodo revealed it had been <A
href="http://www.infoworld.com/t/authentication/weaknesses-in-ssl-certification-exposed-comodo-security-breach-593">tricked
into minting nine high-value digital certificates</A> <SPAN
class=print-footnote>[1]</SPAN> that could allow the attackers to create
fraudulent sites that fool users into thinking they are visiting Google, Yahoo,
Skype or Microsoft's Live service. The sting on Comodo follows <A
href="http://www.infoworld.com/d/security/emc-rsa-securid-info-swiped-sophisticated-hack-attack-917">a
more serious attack on RSA</A> <SPAN class=print-footnote>[2]</SPAN>, which
netted the infiltrators unspecified information that could compromise the
security of the company's one-time password product SecurID.</P>
<P>These breaches follow other recent high-profile security events, including
Anonymous's campaign to <A
href="http://www.infoworld.com/d/security/hbgarys-hoglund-discusses-lessons-the-anonymous-hack-980">compromise
HBGary Federal</A> <SPAN class=print-footnote>[3]</SPAN> and Stuxnet's use of <A
href="http://www.infoworld.com/t/malware/stuxnet-attack-more-effective-bombs-888">stolen
code-signing certificates</A> <SPAN class=print-footnote>[4]</SPAN> against
Iran's nuclear capability. Altogether, it's undeniable that attackers now see
the value in focusing on those companies and products that provide defense.</P>
<P>While the Comodo attack, at least, is thought to have limited impact, the RSA
compromise could be more serious. However, both breaches point to a need by
security firms to re-evaluate their approach to protecting themselves and their
valuable intellectual property, says Anup Ghosh, founder and chief scientist of
browser security firm Invincea. "How is it that the foundational elements of
security are being compromised?" he asks.</P>
<P>"We have to worry whether we are going to be targeted next -- we, as in the
royal we," Ghosh says. "And all we're really doing is doubling down on the
technologies that was built in the late '90s and address yesterday's problems
rather than the way that these attacks are actually perpetrated."</P>
<P>Hackers have always sought out corporate intel, but in a presentation at RSA,
Josh Corman, research director of the 451 Group, argued that <A
href="http://www.youtube.com/watch?v=JQEBYxp_vKs" target=_blank>attackers are
increasing their focus on intellectual property</A> <SPAN
class=print-footnote>[5]</SPAN>, at a time companies are becoming more
proficient with protecting their custodial data, such as credit cards numbers
and personal-identifying information. These factors point to a need by companies
-- especially security firms -- to learn how to better protect their IP, he
says.</P>
<P>"What is now required is for us to ask what kind of evolution and changes do
we need to thwart those attackers who are more talented and more persistent," he
says. "We can mock these companies for their mistakes -- or we can talk about
the criminals and the perpetrators."</P>
<P><EM>This article, "<A
href="http://www.infoworld.com/t/security-management/hackers-step-attacks-security-firms-803?source=footer">Hackers
step up attacks on security firms</A> <SPAN class=print-footnote>[6]</SPAN>,"
was originally published at <A
href="http://www.infoworld.com/?source=footer">InfoWorld.com</A> <SPAN
class=print-footnote>[7]</SPAN>. Get the first word on what the important tech
news really means with the <A
href="http://www.infoworld.com/blogs/infoworld-tech-watch?source=footer">InfoWorld
Tech Watch blog</A> <SPAN class=print-footnote>[8]</SPAN>. For the latest
business technology news, follow <A href="http://twitter.com/infoworld"
target=_blank>InfoWorld.com on Twitter</A> <SPAN
class=print-footnote>[9]</SPAN>.</EM></P></DIV>
<DIV class=print-taxonomy>
<UL class=links>
<LI class="taxonomy_term_3212 first"><A title=""
href="http://www.infoworld.com/category/domains/data-management" rel=tag>Data
Management</A></LI>
<LI class=taxonomy_term_2535><A
title="The Security Central channel provides a vital resource for IT professionals to make the most of their security-oriented resources with best practices and discerning technology selection. In addition to ongoing news and reviews, the Security Central channel features the Security Adviser column written by Roger Grimes, one of the leading authorities on security in the industry."
href="http://www.infoworld.com/category/domains/security"
rel=tag>Security</A></LI>
<LI class=taxonomy_term_1959><A title=""
href="http://www.infoworld.com/t/intellectual-property" rel=tag>Intellectual
Property</A></LI>
<LI class=taxonomy_term_21664><A title=""
href="http://www.infoworld.com/t/cyber-crime" rel=tag>Cyber Crime</A></LI>
<LI class=taxonomy_term_2111><A title=""
href="http://www.infoworld.com/t/malware" rel=tag>Malware</A></LI>
<LI class=taxonomy_term_21645><A title=""
href="http://www.infoworld.com/t/network-security" rel=tag>Network
Security</A></LI>
<LI class="taxonomy_term_2117 last"><A title=""
href="http://www.infoworld.com/t/security-management" rel=tag>Security
Management</A></LI></UL></DIV>
<DIV class=print-footer></DIV>
<HR class=print-hr>
<DIV class=print-source_url><STRONG>Source URL (retrieved on <EM>2011-03-25
05:08PM</EM>):</STRONG> <A
href="http://www.infoworld.com/t/security-management/hackers-step-attacks-security-firms-803">http://www.infoworld.com/t/security-management/hackers-step-attacks-security-firms-803</A></DIV>
<DIV class=print-links>
<P><STRONG>Links:</STRONG><BR>[1]
http://www.infoworld.com/t/authentication/weaknesses-in-ssl-certification-exposed-comodo-security-breach-593<BR>[2]
http://www.infoworld.com/d/security/emc-rsa-securid-info-swiped-sophisticated-hack-attack-917<BR>[3]
http://www.infoworld.com/d/security/hbgarys-hoglund-discusses-lessons-the-anonymous-hack-980<BR>[4]
http://www.infoworld.com/t/malware/stuxnet-attack-more-effective-bombs-888<BR>[5]
http://www.youtube.com/watch?v=JQEBYxp_vKs<BR>[6]
http://www.infoworld.com/t/security-management/hackers-step-attacks-security-firms-803?source=footer<BR>[7]
http://www.infoworld.com/?source=footer<BR>[8]
http://www.infoworld.com/blogs/infoworld-tech-watch?source=footer<BR>[9]
http://twitter.com/infoworld</P></DIV></FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT
size=2>_____________________________________________</FONT></DIV><FONT size=2>
<DIV><BR>Wayne A. Fox<BR>1009 Karen Lane<BR>PO Box 9421<BR>Moscow, ID
83843</DIV>
<DIV> </DIV>
<DIV><A href="mailto:waf@moscow.com">waf@moscow.com</A><BR>208
882-7975<BR></FONT></DIV></BODY></HTML>