rsa
Latest
Addon Spotlight: Replacing Raeli's Spell Announcer
Each week, WoW Insider's Mathew McCurley brings you a fresh look at reader-submitted UIs as well as Addon Spotlight, which focuses on the backbone of the WoW gameplay experience: the user interface. Everything from bags to bars, buttons to DPS meters and beyond -- your addons folder will never be the same. We might occasionally forget that the addon community is comprised of real live human beings from time to time, when these wonders of science and technology shield our eyes from the truth -- mere mortals made these addons, and we love them for it. However, as humans do, addon creators move on from their Lua toils and leave behind their creations either to be picked up by new project managers or to rot in the sun. Readers ask me all the time what alternatives there are to favorite addons that have been discontinued or no longer updated by their creators. Let's find some alternatives, shall we? Tivoni of the Shadowsong (EU) server sent me an email professing her love for Raeli's Spell Announcer and the sad fact that the creator of this amazing addon, Raeli from Arathor (EU), was quitting WoW and his addon work. It's always a shame to see a great addon creator leave for different worlds or new work -- but there are people out there willing to pick up the pieces, and there are already alternatives out there.
Addon Spotlight: Raiding essentials for healers
Each week, WoW Insider's Mathew McCurley brings you a fresh look at reader-submitted UIs as well as Addon Spotlight, which focuses on the backbone of the WoW gameplay experience: the user interface. Everything from bags to bars, buttons to DPS meters and beyond -- your addons folder will never be the same. As we get Raid Finder clarifications and new details, the excitement ramps up for this brand new feature coming in patch 4.3. Raiders and non-raiders alike are clamoring for new ways to experience the high-end, endgame content. Since we also now know the role makeup for the Raid Finder, healers will be in demand as each Raid Finder group will be made up of six healers. Healing is one of the most stressful jobs in World of Warcraft right now. The logistics for healing have changed dramatically since the Wrath of the Lich King days with a new emphasis on smart healing versus throughput. What that means is you have limited resources and need to make sure you're using them correctly. Healing is probably the most complicated role out there right now, if only because healers have a lot of responsibility. In the Raid Finder, encounter difficulties will be easier than we've seen before, but the fact is that players will still need their health bars above zero in order to beat a fight. Healer addons can be a divisive topic, so I'm going to stick with the basics for healers in raids. Your own mileage may vary, and you're going to want to try out different setups in order to see what works for you. On the whole, people agree that having some addons to help with healing makes the job that much smoother.
RSA offering SecurID replacements following Lockheed Martin attack
We'd already had a pretty clear indication that information obtained in the massive RSA hack back in March was used in the attack on Lockheed Martin last month, and RSA has now confirmed that itself for the first time. What's more, Executive Chairman Art Coviello has also announced that the company is willing to provide security monitoring services to those concerned, and even replace existing SecurIDs free of charge for "virtually every customer" it has. Considering that millions of the tokens are now in use, that could add up to quite the bill. Not surprisingly, however, he isn't divulging many more details about the attack itself, noting only that the attacker's "most likely motive" was to use the information to "target defense secrets and related IP, rather than financial gain."
RSA SecureID hackers may have accessed Lockheed Martin trade secrets, cafeteria menus (update: no data compromised)
RSA SecureID dongles add a layer of protection to everything from office pilates class schedules to corporate email accounts, with banks, tech companies, and even U.S. defense contractors using hardware security tokens to protect their networks. Following a breach at RSA in March, however, the company urged clients to boost other security methods, such as passwords and PIN codes, theoretically protecting networks from hackers that may have gained the ability to duplicate those critical SecureIDs. Now, Lockheed Martin is claiming that its network has come under attack, prompting RSA to issue 90,000 replacement tokens to Lockheed employees. The DoD contractor isn't detailing what data hackers may have accessed, but a SecureID bypass should clearly be taken very seriously, especially when that little keychain dongle is helping to protect our national security. If last month's Sony breach didn't already convince you to beef up your own computer security, now might be a good time to swap in 'Pa55werD1' for the rather pathetic 'password' you've been using to protect your own company's trade secrets for the last decade. [Thanks to everyone who sent this in] Update: According to Reuters, Lockheed Martin sent out a statement to clarify that it promptly took action to thwart the attack one week ago, and consequently "no customer, program or employee personal data has been compromised." Phew! [Thanks, JD]
RSA hacked, data exposed that could 'reduce the effectiveness' of SecurID tokens
If you've ever wondered whether two-factor authentication systems actually boost security, things that spit out pseudorandom numbers you have to enter in addition to a password, the answer is yes, yes they do. But, their effectiveness is of course dependent on the security of the systems that actually generate those funny numbers, and as of this morning those are looking a little less reliable. RSA, the security division of EMC and producer of the SecurID systems used by countless corporations (and the Department of Defense), has been hacked. Yesterday it sent out messages to its clients and posted an open letter stating that it's been the victim of an "advanced" attack that "resulted in certain information being extracted from RSA's systems" -- information "specifically related to RSA's SecurID two-factor authentication products." Yeah, yikes. The company assures that the system hasn't been totally compromised, but the information retrieved "could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack." RSA is recommending its customers beef up security in other ways, including a suggestion that RSA's customers "enforce strong password and pin policies." Of course, if security admins wanted to rely on those they wouldn't have made everyone carry around SecurID tokens in the first place. [Thanks to everyone who sent this in]
1024-bit RSA encryption cracked by carefully starving CPU of electricity
Since 1977, RSA public-key encryption has protected privacy and verified authenticity when using computers, gadgets and web browsers around the globe, with only the most brutish of brute force efforts (and 1,500 years of processing time) felling its 768-bit variety earlier this year. Now, three eggheads (or Wolverines, as it were) at the University of Michigan claim they can break it simply by tweaking a device's power supply. By fluctuating the voltage to the CPU such that it generated a single hardware error per clock cycle, they found that they could cause the server to flip single bits of the private key at a time, allowing them to slowly piece together the password. With a small cluster of 81 Pentium 4 chips and 104 hours of processing time, they were able to successfully hack 1024-bit encryption in OpenSSL on a SPARC-based system, without damaging the computer, leaving a single trace or ending human life as we know it. That's why they're presenting a paper at the Design, Automation and Test conference this week in Europe, and that's why -- until RSA hopefully fixes the flaw -- you should keep a close eye on your server room's power supply.
Google Chrome OS 'business version' coming in 2011
Are two (or more) versions of an OS better than one? Some say yes, and it looks like you can now count Google among them. Speaking at this week's RSA Conference, Google software security engineer Will Drewry revealed, seemingly for the first, that Google will be releasing a "business version" of Chrome OS for netbooks sometime in 2011. Details on it are still pretty light at the moment, as you might expect, but it will supposedly offer more "management muscle" than the consumer version. Drewry did drop a few more details about Chrome OS for netbooks in general, however, including the interesting tidbit that you'll be able to enable a development mode by flipping a switch located under the battery. [Thanks, Amrita]
Oh, by the way: July 22, 2009
Here's some of the other stuff that happened in the wide world of mobile for Wednesday, July 22nd, 2009: For some reason known only to Samsung, it seems the S9110 watchphone won't be coming to the UK any time soon. Of course, if you've got unlocked GSM 900 / 1800 units floating around France this month, it should be a simple matter to get 'em anywhere in Europe. LG's second quarter report revealed an astounding 32 percent jump in phone shipments quarter-over-quarter, setting an all-time best 29.82 million units. The company specifically calls out the next Black Label phone -- presumably the BL40 -- as one of the phones it's pinning its hopes and dreams on toward the end of the year. [Via mocoNews] iPhones can now be used to generate RSA SecurID tokens, which should make a great many enterprise iPhone users happier than pigs in poo. Google Maps 3.2 has been released for Windows Mobile and S60. The big feature here is layered data, meaning you can add and remove different bits of information (Latitude, traffic, and so on) one layer at a time. A picture atop Samsung USA's mobile site suggests a new QWERTY slider is destined for MetroPCS. It's labeled Messager, but looks nothing like the Messager we're acquainted with -- instead, it looks suspiciously like Bell's Vice. [Via Phone Scoop]
London trounces rest of world in quest for WiFi dominance
Nothing like a hot stack of stats to spice up the oft-debated, nary settled question: who has the best WiFi access? Well, London continues to be the world capital of WiFi with 12,276 access points, according to the freshest installment of the annual Wireless Security Survey conducted by RSA, beating New York City by roughly 3,000. Paris rules the year-over-year increase category, however, with a shocking 543 percent gain over last year, while London and New York saw much slower increases. NYC did manage to capture the top spot in the coveted 'corporate encryption' category, with about 97 percent of corporate access points now employing some type of encryption, while about 20 percent of London's business access points remain totally, completely, shamefully unprotected. We understand that upon hearing the news, Queen Elizabeth promptly ordered a pallet of routers with built-in firewalls for all of Buckingham Palace.[Via Slashdot]
UPEK Eikon To Go RSA key comes with a built-in fingerprint reader
Although RSA's SecurID two-factor authentication system is pretty solid (except for when the keys go out of sync), it looks like organizations with even more stringent security requirements might be interested in UPEK's new Eikon To Go RSA key, which adds a fingerprint reader to the mix. Yep, nothing really too wild -- but it's definitely one of the cooler-looking SecurID keys we've seen out there.
SanDisk rolls out RSA-packin' Cruzer Enterprise flash drives
It looks like anyone that makes regular use of an RSA key for one reason or another could soon have a new favorite USB flash drive, with SanDisk announcing the availability of so-called "two-for-one" Cruzer Enterprise drives, which provide both secure date storage and RSA SecurID software tokens for two-factor authentication (eliminating the need for a separate hardware authenticator). The drive is also apparently no slouch when it comes to the usual storage security measures, with it boasting 256-bit AES encryption, and a setup process that requires users to create complex passwords before they're able to make use of the drive. No word on pricing just yet, but you'll apparently be able to get the drive in your choice of 1, 2, 4, or 8GB varieties, with each boasting a respectable read speed of 24MB per second and a write speed of 20MB per second.
HP's Retail Store Assistant: a wallet's worst enemy
Fellas, if you thought Ralph Lauren's literal window shopping contraption was your wallet's arch-rival, we've got some unfortunate news, and for the ladies (or guys) who just love to spend it up, HP's about to become your very best friend. The clever gurus at HP Labs have developed a marketer's dream tool that enables customers to enter a retail store, swipe a card, and instantly receive a printout (shown after the jump) that includes "a personalized shopping list, relevant coupons, notice of associated store discounts or sales, and even a map to where the items can be found in the store." The inaccurately named Retail Store Assistant (we were thinking more along the lines of Wallet Depleter) is currently in the "experimental" stage, and would include an in-store kiosk which customers could access via a loyalty card or by inputting their phone number. Of course, this isn't the first stab we've seen at retailers using previous history to target consumers, but the team behind this apparatus insists that it will be much more effective than the typical junk mail that barely graces our eyes before hitting the trash. Best Worst of all, the system will reportedly be available even on the web, meaning that those with an urge to shop can log on during the waning hours of the workday and plan out their shopping spree for maximum efficiency. Oh, the humanity.
Gemalto intros USB smart card to curb phishing
The long, long list of uber-secure USB flash drives continues to grow as paranoid data carriers attempt to protect their lab reports and award-winning recipe books, but Gemalto has a slightly different kind of security in mind with its latest USB smart cards. The forthcoming keys will function much like the Mighty Key already does, as it offers up phishing protection by requiring that users have the USB stick plugged into their computer before being able to access files, online banking accounts, or your secret stash of 90's anime. While the company already provides such security measures for governmental / enterprise agencies, the Network Identity Manager is purportedly tailored for the average joe, won't require "any specialized software," and will play nice with standard browsers. Additionally, the system will utilize a token management system and support Verisign's VIP Network Identity federation framework, but won't require users to carry around a perpetually changing key fob as does PayPal. Gemalto hopes to "simplify" user security and curb the growing phishing problems in America, but there's currently no word on when we'll see these protection measures available for sale here in the States.
PayPal to offer security key fobs for additional account protection
For every stupendous scam that crafty / immoral individuals pull off on eBay, there's at least a couple phishing scams out there trying to jack your precious eBay or PayPal password and access your hard-earned dollars. PayPal is readying a VeriSign security key that will resemble the RSA SecureID we corporate workers are all too familiar with with, and will sport a monochrome LCD screen that rotates a six-digit password every 30 seconds. Clients who opt to use this device will be able to enter it along with their usual username / password credentials when logging in, which would prevent scammers from accessing their account without the key fob in hand. The firm has been testing the device with employees for "several months," and plans to start trialing it with customers "within a month or so." Personal account owners in America, Germany, and Australia will eventually have the option of picking one up for a one-time fee of $5, while business accounts will receive the unit gratis, but if you're not savvy enough to pass on by those tempting scams, five bucks could be a small price to pay to keep your cash out of strangers' hands.[Via jkOnTheRun]
Xbox 360 invades South Africa next month
Better late than never news now, as Microsoft sends out word that the Xbox 360 will be launching in South Africa this September. After gifting upon the world Nelson Mandela, J.R.R. Tolkien, Charlize Theron, Dave Matthews and frequently delicious koeksusters, it seems only fair to reward the third-world country with a shiny new games console. Local marketing manager, Cindy White, explains that South African gamers are a hungry bunch: "South Africa is a country where the appetite for console gaming is growing in leaps and bounds – expanding to Africa allows us to build a successful business ecosystem for our partners, and to bring more gamers amazing next-generation gaming and entertainment experiences."What she fails to mention, however, is that the entertainment experience arrives with a significant bite taken out of it. According to the online variant of NAG, a local gaming magazine, Xbox Live will not be "officially" supported within the first 12 months of the system's arrival. Stopping short of physically removing one of the analog sticks on the 360 controller, this move seems to leave quite a significant gap in the console's appeal. Live itself will still function -- the hardcore group of currently connected South Africans can attest to that -- but it will likely be impossible to purchase Live subscriptions from stores or perform marketplace transactions in South African currency.Both the normal and core editions of the Xbox 360 will launch on 29 September for R3,699 ($519) and R2,699 ($378) respectively. Until then, South Africans can enjoy reading irksome generalizations and ignorant remarks ("You wont ear people talking thats for sure , all you will ear is clicking sounds , cant wait to play againts Shaka Zulu") on the official Xbox forums. After the break: This entire post written...in the Afrikaans language!
EA devours competition, wins spicy burger contest for third straight year
Electronic Arts employees in Redwood City have won the Prince of Wales pub's annual habanero burger contest for a third straight year.Pub owner Jack Curry told the San Mateo Daily Journal that the EA team consumed 60 pepper-laced hamburgers, besting RSA, a computer security company, in order to retain the prestigious Prince of Wales title. Unfortunately, the win has done nothing to invigorate EA's steadily sinking stocks.
