Re: Some remarks to make 11 April 2011 11:35
> nilie wrote on 04 April 2011 17:06
> > 1- Employee retrieving email from a spam folder? Either RSA spam
> > system is weak or the employee in question is clearly unaware of
> > security policies (or there are simply no policies covering this
> > scenario).
> Well, I monitor an abuse@ address and sometimes false positives
> happen, so I regularly check my spam folder to see if something
> slipped through.
> Maybe they do so too? Though, I would never open any attachment from
> my spam folder and I usually block HTML emails (and I also use
> And even after all I said (almost like defending RSA) I totally agree
> with you on the security fail.
Fair enough, but I think you're being too nice.
If they're running Flash on systems where these access credentials
Then this could easily happen next month and the month after that and
the month after that.
I presume they're running Outlook which accepts foreign data almost
as trusted input. Get a text mail client with optional html2text
conversion for crying out loud, you jokers.
I wouldn't be surprised if they're running Adobe AIR too just so an
exploit can continue trying to elevate privileges once the browsers
P.S. I believe after the Google incident they pushed hard on the Unix
usage front. Shrewd move, but you still need to think about
OMG - RSA need lessons on privilege separation and code quality.
04 Apr 2011 17:06 nilie
04 Apr 2011 18:29 xtrm
06 Apr 2011 04:15 richarson
11 Apr 2011 11:35 Kevin Chadwick - Re: Some remarks to make