RSA says hack won't allow "direct attack" on SecureID tokens

**GroundZero3** · March 21st, 2011, 07:33 AM

Security firm RSA has been the victim of an "extremely sophisticated" attack that has resulted in exfiltration of certain private information, announced Executive Chairman Art Coviello in an open letter published yesterday. The company also filed a note with the SEC, warning of possible risks due to the attack. Since 2006, RSA has been part of EMC.

I found this interesting since im in the middle of deploying SecureID onto your network

**GroundZero3** · June 7th, 2011, 02:23 PM

RSA finally comes clean: SecurID is compromised

Wah wah!

I just got finishing deploying a bunch of tokens and having users setup new PINs.

Now I need to pass out all new tokens to users and have them setup PINs again. AWESOME!

**no1_vern** · June 7th, 2011, 02:46 PM

Lying to your customers is especially bad when you are a SECURITY firm. Not good for your business. While RSA has lots of contracts that wont go away overnight, it probably will lose a fair amount of customers/businesses over this issue.

**osprey4** · June 7th, 2011, 07:05 PM

Ok, so what if my company uses SecurID? I'm supposed to worry about....what exactly?

**GroundZero3** · June 7th, 2011, 09:07 PM

See the problem is companies like Lockheed martin that stopped a compromise wont come out and fully say how the exploit happened. Just that it has to deal with secureid (this is whatever is really concerned about, no one is saying anything really). It took from March 21 - June 7th pretty much for RSA to come clean to its customers.

But here is the low down which makes this kind of a big deal (espically since several government agencies use these devices). If a person has the token seeds (which my understanding they know which companies have what seeds) then the attacker has to find out the username/pin to be able to log in. Something that doesn't sound easy now does it? Well you are right in a way however RSA was hacked with pretty much someone opening up an excel sheet that had some sort of exploit that spread on the network. All it takes is for a keylogger or some other kind of malware to spread on a network to grab that information. So a two authentication method is pretty much back down to a basic username/password (which is only alpha/numeric, I dont remember being able to see users be able to set up symbols in their Pins)

Me personally I would like to move to smart cards