- NYTimes on What Happened.
- Znet on what happened.
- Overview of the tools, techniques and procedures used in the attack from Command5. (pdf)
- RSA tells everyone to replace SecurID tokens (RSA, Mar/2011)
- Wired discusses how F-Secure figured out what the Worm was that got into RSA.
And then slashdot points out:
"A researcher has found and published a way to tune into an RSA SecurID Token. Once a few easy steps are followed,
anyone can generate the exact numbers shown on the token. The method
relies on finding the seed that is used to generate the numbers in a way
that seems random. Once it is known, it can be used to generate the
exact numbers displayed on the targeted Token. The technique, described
on Thursday by a senior security analyst at a firm called SensePost, has
important implications for the safekeeping of the tokens. An estimated
40 million people use these to access confidential data belonging to
government agencies, military contractors, and corporations. Scrutiny of
the widely used two-factor authentication system has grown since last
year, when RSA revealed
that intruders on its networks stole sensitive SecurID information that
could be used to reduce its security. Defense contractor Lockheed
Martin later confirmed that a separate attack on its systems was aided by the theft of the RSA data."
No comments:
Post a Comment