RSA have announced that they have discovered a breach in to their systems.
Chris Mohan --- Internet Storm Center Handler on Duty |
Chris 105 Posts ISC Handler Mar 18th 2011 |
Thread locked Subscribe |
Mar 18th 2011 1 decade ago |
Because they give no time-frame other than "recent", this could have been discovered months ago and they are only now announcing it. I wonder how long the FBI has been looped in.
|
Anonymous |
Quote |
Mar 18th 2011 1 decade ago |
Does this mean that these two factor auto password keyfobs are now not secure? That seems to likely be their target based on this announcement. I have no idea how they work internally but if they haven't followed sound practices designing these things this factor could now be neutralized. Lets hope the design on these doesn't have any major flaws.
|
BGC 23 Posts |
Quote |
Mar 18th 2011 1 decade ago |
If for some reason the seed records have been compromised, then 2FA from RSA is now on shaky ground. They do a good job of using crypto to protect the dbase, but if the keys or worse pass phrase was found on the corporate network...well, guess it’s time to watch the traffic destined for your RSA realm with more scrutiny.
|
BGC 10 Posts |
Quote |
Mar 18th 2011 1 decade ago |
Vague is an understatement. I attended RSA's conference call on Friday. It sounded like the RSA's participants were reading from a script. In addition the audience was not allowed to ask any questions. My gut feeling is; RSA's list of customer token serial numbers and their associated seed files have been swiped.
|
BGC 1 Posts |
Quote |
Mar 21st 2011 1 decade ago |
As pointed out by a co-worker: "The worst part of this is if our seed files and serials were compromised the only way to fix it in the long run is to get new tokens and seeds and re-issue all those tokens."
|
Jasey 93 Posts |
Quote |
Mar 21st 2011 1 decade ago |
Sign Up for Free or Log In to start participating in the conversation!