Hundreds of Banking Sites Vulnerable to RSA Security Flaw, Researcher Finds
Brian Prince writes on eWeek:
RSA, EMC’s security division, is advising customers to apply a two-year-old patch for its Adaptive Authentication product after a researcher discovered hundreds of banking Websites are still open to attack.
RSA Adaptive Authentication is a risk-based fraud prevention and authentication platform that measures risk indicators to identify suspicious activities. According to RSA, versions 2.x and 5.7.x of the on-premise edition of the product are vulnerable to cross-site scripting due to a Flash Shockwave file provided by the Adaptive Authentication system.
The vulnerability in question was actually patched in 2008, but was brought back into focus recently when Nir Goldshlager, a security consultant with Avnet Technologies, discovered many online banking sites were still vulnerable to attack, something he uncovered after searching for the affected filename in Google. He reported his discovery to RSA in November.
Still, hundreds of sites remain vulnerable, he told eWEEK today.
Mark Fiore: Dojo of Democracy
More Mark Fiore brilliance.
Via The San Francisco Chronicle.
In Passing: Elizabeth Edwards
July 3, 1949 – December 7, 2010
In Remembrance: Pearl Harbor
USS California sinking.
Pearl Harbor Collection of pictures taken by military personnel.
Image source: Wikimedia
You Are Not Forgotten
On this day in 1941 -- a day that will live in infamy -- the Imperial Japanese Navy made its attack on Pearl Harbor.
The surprise attack on Pearl Harbor, Oahu, Hawaii, was aimed at the Pacific Fleet of the United States Navy and its defending Army Air Corps and Marine air forces. The attack damaged or destroyed twelve U.S. warships, destroyed 188 aircraft, and killed 2,403 American servicemen and 68 civilians.
Admiral Isoroku Yamamoto planned the raid as the start of the Pacific Campaign of World War II, and it was commanded by Vice Admiral Chuichi Nagumo, who lost 64 servicemen. However, the Pacific Fleet's three aircraft carriers were not in port and so were undamaged, as were oil tank farms and machine shops. Using these resources the United States was able to rebound within six months to a year.
The U.S. public saw the attack as a treacherous act and rallied strongly against the Japanese Empire, resulting in its ultimate defeat.
It absolutely "...awakened the sleeping U.S. behemoth."
Sixty-nine years later, we haven't forgotten.
In Passing: Don Meredith
April 10, 1938 – December 5, 2010
Europe Wary of U.S. Bank Monitors
Eric Lichtblau writes in The New York Times:
When the European Parliament ordered a halt in February to an American government program to monitor international banking transactions for terrorist activity, the Obama administration was blindsided by the rebuke.
“Paranoia runs deep especially about US intelligence agencies,” a secret cable from the American Embassy in Berlin said. “We were astonished to learn how quickly rumors about alleged U.S. economic espionage” had taken root among German politicians who opposed the program, it said.
The memo was among dozens of State Department cables that revealed the deep distrust of some traditional European allies toward what they considered American intrusion into their citizens’ affairs without stringent oversight.
The program, created in secrecy by the Bush administration after the Sept. 11, 2001, attacks, has allowed American counterterrorism officials to examine banking transactions routed through a vast database run by a Brussels consortium known as Swift. When the program was disclosed in 2006 by The New York Times, just months after the newspaper reported the existence of the National Security Agency’s warrantless wiretapping program, it set off protests in Europe and forced the United States to accept new restrictions.