RSA Security Token Keys Leaked

 

This potentially affects users of RSA's SecurID system.

On March 17th this year, RSA Security's Executive Chairman revealed that RSA had been the subject of a "persistent" attack and had suffered an intrusion into its internal system for a significant length of time.

The statement would indicate that some data pertaining to the security of the popular SecurID tokens has been compromised. Indications are that this is related in some way to the serial numbers of the hardware tokens, as users are being advised to keep these confidential. It seems reasonable to suspect that the compromised data, coupled with knowledge of a token's serial number, would allow the resulting One-Time Password (OTP) to be predicted. At least one large defence company in the USA has stopped using the SecurID tokens for this reason.

Not good news for users of RSA's SecurID system.

More info at Steve Gibson's blog: http://steve.grc.com/
