Computer Security Company Is Outhacking the Hackers

What’s a computer security firm to do when it learns that professional hackers are taking aim at one of its products?

Beat them to the punch. At least that’s what Rainbow Technologies Inc. in Irvine did.

After @stake Research Labs in Cambridge, Mass., busted through a Rainbow competitor’s product in May, Rainbow’s own hackers went to work on their company’s basic security product, the iKey.

So when @stake issued an advisory Thursday that it had cracked the iKey 1000, Rainbow crafted a positive spin by saying its engineers also had broken the code and already were offering customers a somewhat reinforced version of the product.

The iKey, a rod that plugs into the back of a computer, works in conjunction with a user’s password to control access to computer systems. If users take the key away when they leave the computer, no one else can access their files.

But a research scientist from @stake, known publicly only as “Kingpin,” was able to break open the casing of the key and decipher the code that allowed him to gain entrance into the guarded files.

Rainbow officials said they have a new version of the key that’s harder to break open and alerts users that someone has tampered with it. Customers can exchange their original models. They point out that the iKey 1000 is the entry-level model.

“Working with organizations like @stake makes good security products better because they expose potential weaknesses, which can then be fixed,” said Rainbow spokesman Dan Chmielewski.

*

Karen Alexander covers high technology for The Times. She can be reached at (714) 966-5637 or at karen.alexander@latimes.com.