RSA Gets Hacked…. This Might Be A Problem
A very concerning open letter was posted on the RSA website that has this news:
Recently, our security systems identified an extremely sophisticated cyber attack in progress being mounted against RSA. We took a variety of aggressive measures against the threat to protect our business and our customers, including further hardening of our IT infrastructure. We also immediately began an extensive investigation of the attack and are working closely with the appropriate authorities.
Our investigation has led us to believe that the attack is in the category of an Advanced Persistent Threat (APT). Our investigation also revealed that the attack resulted in certain information being extracted from RSA’s systems. Some of that information is specifically related to RSA’s SecurID two-factor authentication products. While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers, this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack. We are very actively communicating this situation to RSA customers and providing immediate steps for them to take to strengthen their SecurID implementations.
RSA’s SecurID authentication tokens are used by millions of people, including government and bank employees around the world, because they are supposed to be as close to “bulletproof” as possible when it comes to security: they provide a randomly generated number that, along with a password, allows a user to access a network or conduct banking transactions. PayPal, for example, uses such a system with its Security Key. Now, if the algorithm that is responsible for generating the random numbers was exposed as part of this hack, then anyone who uses this sort of system should be concerned. It isn’t clear if that’s what happened in this case, but if you use RSA SecurID, you might want to look at this blog post to see if you can beef up your security.
My advice? If RSA doesn’t disclose what happened and what was affected in a rapid manner, then consider changing to another product such as Google Authenticator, as you would have to assume that SecurID is no longer secure. But in the meantime, you should watch and see how this story evolves.
This entry was posted on March 19, 2011 at 8:53 am and is filed under Commentary with tags Hacked, RSA. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.