
RSA

Dan Kaminsky On The RSA SecurID Compromise

posted on June 10, 2011
by l33tdawg

Authentication failures are getting us owned. Our standard technology for auth, passwords, fail repeatedly — but their raw simplicity compared to competing solutions drives their continued use. SecurID is the most successful post-password technology, with over 40 million deployed devices. It achieved its success by emulating passwords as closely as possible. This involved generating key material at RSA’s factory, a necessary step that nonetheless created the circumstances that allowed a third party compromise at RSA to affect customers like Lockheed Martin.

Only now does RSA appoint a security chief?!

posted on June 10, 2011
by l33tdawg

RSA has appointed its first chief security officer, three months after a data theft on its network contributed to the hack of the world's biggest defense contractor, and possibly other important customers.

DSD tells agencies to replace RSA tokens

posted on June 10, 2011
by l33tdawg

The Federal Government's peak security agency has recommended that departments and agencies accept the offer by troubled security vendor RSA to replace copies of its SecurID key fob identification tokens.

The SecurID platform sees small devices commonly known as "key fobs" distributed to staff and customers of major organisations, who then use the randomised codes created by the fobs to authenticate their credentials when they log in to sensitive systems such as internet banking platforms or government systems.

Can RSA repair the broken trust?

posted on June 8, 2011
by l33tdawg
Credit: Source: Flickr (CC)

Despite Art Coviello's open letter offering to replace tokens for customers, we are still none the wiser as to what assets within RSA were compromised during the breach they suffered in March.

RSA forced to replace nearly all tokens after security breach

posted on June 7, 2011
by l33tdawg
Credit: Source: Flickr (CC)

RSA Security is offering to provide security monitoring or replace its well-known SecurID tokens -- devices used by millions of corporate workers to securely log on to their computers -- "for virtually every customer we have," the company's chairman Art Coviello said in an interview.

In a letter to customers, the EMC unit openly acknowledged for the first time that intruders had breached its security systems at defence contractor Lockheed Martin using data stolen from RSA.

RSA SecurID hackers are linked to a third military contractor

posted on June 2, 2011
by l33tdawg

HACKERS MIGHT HAVE ATTACKED a third US military contractor, again using cryptographic identity key data they might have obtained from RSA Security earlier this year.

A source within Northrop Grumman told Fox News that the firm shut down remote access to its network at the end of last month and conducted a complete domain name and password reset. In a statement, the company didn't confirm that it had been hit with a cyber attack, but didn't deny it either.

Second Defense Contractor L-3 ‘Actively Targeted’ With RSA SecurID Hacks

posted on May 31, 2011
by l33tdawg

An executive at defense giant L-3 Communications warned employees this spring that hackers were targeting the company using inside information on the SecurID keyfob system freshly stolen from an acknowledged breach at RSA Security.

“L-3 Communications has been actively targeted with penetration attacks leveraging the compromised information,” read an April 6 e-mail from an executive at L-3’s Stratus Group to the group’s 5,000 workers, one of whom shared the contents with Wired.com on condition of anonymity.