RSA SecurID Token Attack

You may recall reading in the press a while ago about an attack against RSA’s servers where confidential data concerning two-factor authentication keys was compromised.

Originally, RSA seemed confident that this theft would not result in a realistic attack on the SecurID two-factor authentication system, but now it appears that at least one major client of RSA, Lockheed Martin, has sustained an attack that strongly suggests that the stolen information is being used productively and maliciously.

To that end, RSA have announced that they will be extending their offer to replace tokens at no extra cost to certain customers. Should you be affected by this issue, you should contact your RSA representative for further information.

References:

https://www.ambersail.com/pci-dss-vulnerability-penetration-testing/

https://www.ambersail.com/cyber-essentials/

https://www.ambersail.com/pci-dss-penetration-test-policy/

https://www.ambersail.com/penetration-test-versus-vulnerability-scan/

 

http://www.theregister.co.uk/2011/06/07/rsa_token_replacement_offer/
http://www.theregister.co.uk/2011/06/06/lockheed_martin_securid_hack/
http://www.itpro.co.uk/632023/rsa-servers-hacked-as-securid-data-stolen
http://www.rsa.com/node.aspx?id=3872

Leave a Reply