
"The Grugq: I’m not joking. You don’t even need to do that. You just send an e-mail which says, you can literally just say, "Run this code." Some of the anti-phishing guys I’ve worked with are just shocked at what happens. I had some friends who worked in corporate security who had to do a cleanup after they got hit with e-mails which said literally, "click on this" and they had 10 or 20 people who did. It was less than 1 percent, but it was enough. People will do it and even on a locked-down corporate PC, it doesn’t matter. If you can get an HTTP connection back out to the Web, you can then tunnel in over that."

(The Grugq sells high value 0days and is a respected member of the hacking community) http://www.csoonline.com/article/216370/where-is-hacking-now...



That was how RSA was breached, which led to the eventual loss of the SecurID master key (and follow-on breaches at DoD suppliers).


What does RSA stand for? I was on their (SecurID) related site, and checked out the "about" page, but the acronym is never defined.


Initials of the three inventors (discoverers?) of the algorithm: http://en.wikipedia.org/wiki/RSA_(algorithm)


(Ron) Rivest, (Adi) Shamir, (Leonard) Adleman



