RSA tells more about SecurID breach
RSA, the security division of EMC, has finally broken its silence over the company's recent breach, revealing additional details of a cyber-attack that the company said could have led to "certain information being extracted." When the breach was announced in March, RSA called the attack "extremely sophisticated" while refusing, behind carefully worded statements, to divulge exactly what was taken.
While RSA still would not say what was stolen, Uri Rivner, Head of New Technologies, consumer identity protection at RSA, has detailed the actual attack in a blog post that will no doubt be a fascinating read for network and security administrators. In a nutshell, a spearphishing campaign succeeded in tricking a staffer into opening an Excel spreadsheet embedded with a Flash movie that exploited a then-unknown vulnerability; you can read about what happened here.
Personally, I applaud RSA's willingness to share how its security was defeated, given that large enterprises have always shown a reticence about recounting such details in public. The honesty doesn't appear to satisfy many, unfortunately.
In a post that noted the irony of RSA falling victim to such a simplistic attack, Ars Technica deadpanned: 'Extremely sophisticated'? More like 'run-of-the-mill.' Reader "CG," who posted a comment on the RSA blog, summed up public sentiment best when he wrote: "... appreciate the honesty but you should have made it MUCH harder for these guys to steal your stuff."
For more on this story:
- check out this blog at RSA
- check out this article at Ars Technica
- check out this article at CRN