|
RSA have announced that they have discovered a breach in to their systems.
Chris Mohan --- Internet Storm Center Handler on Duty |
Chris 105 Posts ISC Handler |
| Reply Subscribe |
Mar 18th 2011 8 years ago |
|
Because they give no time-frame other than "recent", this could have been discovered months ago and they are only now announcing it. I wonder how long the FBI has been looped in.
|
Anonymous |
| Reply Quote |
Mar 18th 2011 8 years ago |
|
Does this mean that these two factor auto password keyfobs are now not secure? That seems to likely be their target based on this announcement. I have no idea how they work internally but if they haven't followed sound practices designing these things this factor could now be neutralized. Lets hope the design on these doesn't have any major flaws.
|
BGC 23 Posts |
| Reply Quote |
Mar 18th 2011 8 years ago |
|
If for some reason the seed records have been compromised, then 2FA from RSA is now on shaky ground. They do a good job of using crypto to protect the dbase, but if the keys or worse pass phrase was found on the corporate network...well, guess it’s time to watch the traffic destined for your RSA realm with more scrutiny.
|
BGC 10 Posts |
| Reply Quote |
Mar 18th 2011 8 years ago |
|
Vague is an understatement. I attended RSA's conference call on Friday. It sounded like the RSA's participants were reading from a script. In addition the audience was not allowed to ask any questions. My gut feeling is; RSA's list of customer token serial numbers and their associated seed files have been swiped.
|
BGC 1 Posts |
| Reply Quote |
Mar 21st 2011 8 years ago |
|
As pointed out by a co-worker: "The worst part of this is if our seed files and serials were compromised the only way to fix it in the long run is to get new tokens and seeds and re-issue all those tokens."
|
Jasey 93 Posts |
| Reply Quote |
Mar 21st 2011 8 years ago |
Sign Up for Free or Log In to start participating in the conversation!
