RSA Breach Notification

Published: 2011-03-18
Last Updated: 2011-03-18 02:04:35 UTC
by Chris Mohan (Version: 1)
5 comment(s)

RSA have announced that they have discovered a breach in to their systems.

This open letter from RSA's Executive Chairman, Art Coviello, http://www.rsa.com/node.aspx?id=3872 alludes to the attack extracting data on their RSA's SecurID two-factor authentication products.

Information on the attack and what other information may have been extracted by the attack is limited to this RSA open letter so far.

RSA have also sent out an email to a number of their customers with a similar warning and notification of the breach.

 

 

Chris Mohan --- Internet Storm Center Handler on Duty

Keywords: rsa
5 comment(s)

Comments

Because they give no time-frame other than "recent", this could have been discovered months ago and they are only now announcing it. I wonder how long the FBI has been looped in.
Does this mean that these two factor auto password keyfobs are now not secure? That seems to likely be their target based on this announcement. I have no idea how they work internally but if they haven't followed sound practices designing these things this factor could now be neutralized. Lets hope the design on these doesn't have any major flaws.
If for some reason the seed records have been compromised, then 2FA from RSA is now on shaky ground. They do a good job of using crypto to protect the dbase, but if the keys or worse pass phrase was found on the corporate network...well, guess it’s time to watch the traffic destined for your RSA realm with more scrutiny.
Vague is an understatement. I attended RSA's conference call on Friday. It sounded like the RSA's participants were reading from a script. In addition the audience was not allowed to ask any questions. My gut feeling is; RSA's list of customer token serial numbers and their associated seed files have been swiped.
As pointed out by a co-worker: "The worst part of this is if our seed files and serials were compromised the only way to fix it in the long run is to get new tokens and seeds and re-issue all those tokens."

Diary Archives