An FBI investigation into last year's cyber attack on Nasdaq OMX Group found surprisingly lax security practices that made the exchange operator an easy target for hackers, people with knowledge of the probe said. The sources did not want to be identified because the matter is classified but said investigators were surprised to find some computers with out-of-date software, misconfigured firewalls and uninstalled security patches that could have fixed known "bugs" that hackers could exploit. Versions of Microsoft Corp's Windows 2003 Server operating system, for example, had not been properly updated. The ongoing probe by investigators is focused on Nasdaq's Directors Desk collaboration software for corporate boards, where the breach occurred. The Web-based software is used by directors to share confidential information and to collaborate on projects."This was easy pickings," said one person familiar with Nasdaq's security practices. "You would have thought they would be like a cyber Fort Knox, but that wasn't the case at all." The investigators found Nasdaq's basic computer architecture was sound, which kept its trading systems safe from the hackers, but they were also surprised that the exchange operator was not more vigilant about what the industry calls "cyber hygiene" given its importance to financial systems. Nasdaq defended its security practices and said no data was compromised by the cyber attack, which was detected in October 2010. Nasdaq has about 10 companies advising it on security issues, including a major U.S. defense contractor.  For more info, go to [Reuters 11/17/11]