
SANS ISC: RSA Breach Notification - SANS Internet Storm Center SANS ISC InfoSec Forums

RSA Breach Notification

RSA have announced that they have discovered a breach of their systems.

This open letter from RSA's Executive Chairman, Art Coviello, alludes to the attack extracting data on RSA's SecurID two-factor authentication products.

Information on the attack, and on what other information may have been extracted, is so far limited to this RSA open letter.

RSA have also sent out an email to a number of their customers with a similar warning and notification of the breach.



Chris Mohan --- Internet Storm Center Handler on Duty


105 Posts
ISC Handler
Mar 18th 2011
Because they give no time-frame other than "recent", this could have been discovered months ago and they are only now announcing it. I wonder how long the FBI has been looped in.
Does this mean that these two-factor auto password keyfobs are now not secure? That seems to likely be their target based on this announcement. I have no idea how they work internally, but if they haven't followed sound practices designing these things, this factor could now be neutralized. Let's hope the design on these doesn't have any major flaws.

23 Posts
If for some reason the seed records have been compromised, then 2FA from RSA is now on shaky ground. They do a good job of using crypto to protect the dbase, but if the keys or, worse, the pass phrase was found on the corporate network... well, guess it's time to watch the traffic destined for your RSA realm with more scrutiny.
10 Posts
Vague is an understatement. I attended RSA's conference call on Friday. It sounded like RSA's participants were reading from a script. In addition, the audience was not allowed to ask any questions. My gut feeling is: RSA's list of customer token serial numbers and their associated seed files have been swiped.
1 Posts
As pointed out by a co-worker: "The worst part of this is if our seed files and serials were compromised the only way to fix it in the long run is to get new tokens and seeds and re-issue all those tokens."

93 Posts