ID: IRCNE2011121337
Date: 2011-12-07
According to "techworld", The attack that hacked RSA Security's network earlier this year succeeded because the company failed to take a basic security precaution, a researcher said Monday.
According to Rodrigo Branco, the director of Qualys' vulnerability and malware research labs, the malware targeted the decade-old Windows XP.
"The feeling is the target[ed PC] was running Windows XP SP3 ... with all the patches," said Branco in emailed answers to questions.
The problem, said Branco, is that while Windows XP includes the DEP (data execution prevention) defensive technology -Microsoft added DEP to XP in 2004 with Service Pack 2 - it's not switched on by default. And RSA apparently neglected to turn it on.
Microsoft also published a security advisory shortly after RSA confirmed the attack, telling users that they could protect their PCs by switching on DEP.
- 2