RSA

Authentication failures are getting us owned. Our standard technology for auth, passwords, fail repeatedly — but their raw simplicity compared to competing solutions drives their continued use. SecurID is the most successful post-password technology, with over 40 million deployed devices. It achieved its success by emulating passwords as closely as possible. This involved generating key material at RSA’s factory, a necessary step that nonetheless created the circumstances that allowed a third party compromise at RSA to affect customers like Lockheed Martin.

RSA has appointed its first chief security officer, three months after a data theft on its network contributed to the hack of the world's biggest defense contractor, and possibly other important customers.

The Federal Government's peak security agency has recommended that departments and agencies accept the offer by troubled security vendor RSA to replace copies of its SecurID key fob identification tokens.

The SecurID platform sees small devices commonly known as "key fobs" distributed to staff and customers of major organisations, who then use the randomised codes created by the fobs to authenticate their credentials when they log in to sensitive systems such as internet banking platforms or government system.

Despite Art Coviello's open letter offering to replace tokens for customers, we are still none the wiser as to what assets within RSA were compromised during the breach they suffered in March.

RSA Security is offering to provide security monitoring or replace its well-known SecurID tokens -- devices used by millions of corporate workers to securely log on to their computers -- "for virtually every customer we have," the company's chairman Art Coviello said in an interview.

In a letter to customers, the EMC unit openly acknowledged for the first time that intruders had breached its security systems at defence contractor Lockheed Martin using data stolen from RSA.

HACKERS MIGHT HAVE ATTACKED a third US military contractor, again using cryptographic identity key data they might have obtained from RSA Security earlier this year.

A source within Northrop Grumman told Fox News that the firm shut down remote access to its network at the end of last month and conducted a complete domain name and password reset. In a statement, the company didn't confirm that it had been hit with a cyber attack, but didn't deny it either.

RSA hackers might have been behind the recent information security incident at defense contractor Lockheed Martin, according to security experts.

An executive at defense giant L-3 Communications warned employees this spring that hackers were targeting the company using inside information on the SecurID keyfob system freshly stolen from an acknowledged breach at RSA Security.

“L-3 Communications has been actively targeted with penetration attacks leveraging the compromised information,” read an April 6 e-mail from an executive at L-3’s Stratus Group to the group’s 5,000 workers, one of whom shared the contents with Wired.com on condition of anonymity.