RSA Remediation?

In case anyone here missed this big topic, RSA was hacked about a week ago, and the report from ITSC is over here. A day after admitting the breach, RSA published a so-called remediation for the issue, in which its SecurID product was indirectly compromised. It carefully listed nine ways to safeguard SecurID. In my opinion, though, the nine measures mostly put the burden on customers to secure their own devices. It is understandable that replacing the 40 million SecurID products sold worldwide would be tough. That brings us to the main point: are the nine measures sufficient to satisfy current RSA customers? Are they not worried that their tokens have been compromised?

For those who are not aware, four days after the announcement that RSA had been hacked, security experts around the world started questioning whether they should continue to use SecurID tokens. Independent security specialist Steve Gibson wrote on his personal blog: “Any company using RSA SecurID tokens should consider them completely compromised and should insist upon their immediate replacement.” That makes sense.

There is also speculation that the root seed file for the tokens was stolen. Each token's secret 16-digit seed number is combined with the time, a hash algorithm and possibly the token’s serial number to create a six- or eight-digit passcode that changes every 30 or 60 seconds. To log in with SecurID, the user generally needs to provide a username, a password and the passcode from the security device. This is why some people call the seed the “keys to the kingdom”.

Given the way the product authenticates, if an attacker can work out the future passcodes of a SecurID token, the token no longer provides any security. What is left is the username and password, and I can tell everyone here that, for an attacker of this level with computers that rapidly spin through possible combinations, cracking a username and password is not really hard.
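To show why the seed is the only secret behind the passcode, and why replacing tokens is the fix that matters, here is an added example that is not from the original post and is not RSA's code. It uses the public RFC 6238 (TOTP) construction as a stand-in for SecurID's own algorithm; the seed values, function names and timestamps are constructed for illustration.

```python
import hashlib
import hmac
import struct

def passcode(seed: bytes, unix_time: int, step: int = 60, digits: int = 6) -> str:
    """RFC 6238-style code: HMAC the time-step counter with the seed, then truncate."""
    counter = unix_time // step
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(seed: bytes, submitted: str, unix_time: int,
           step: int = 60, digits: int = 6, window: int = 1) -> bool:
    """Server-side check; tolerates +/- `window` steps of clock drift."""
    for drift in range(-window, window + 1):
        expected = passcode(seed, unix_time + drift * step, step, digits)
        if hmac.compare_digest(expected, submitted):
            return True
    return False

def accepted_codes(server_seed: bytes, copied_seed: bytes, start: int,
                   count: int, step: int = 60, digits: int = 8) -> int:
    """How many future codes derived from copied_seed the server would accept."""
    hits = 0
    for i in range(count):
        t = start + i * step
        if verify(server_seed, passcode(copied_seed, t, step, digits), t, step, digits):
            hits += 1
    return hits

if __name__ == "__main__":
    # Constructed sample values, not real token data.
    issued_seed = b"0123456789012345"
    replacement_seed = b"5432109876543210"
    now = 1_300_000_000
    # Seed unchanged: every future code from a copy of the seed verifies.
    print(accepted_codes(issued_seed, issued_seed, now, 5))
    # Token replaced (server holds a new seed): the old copy is worthless.
    print(accepted_codes(replacement_seed, issued_seed, now, 5))
```

Nothing in the computation besides the seed is secret, so hardening measures on the customer side do not restore the second factor once a seed has leaked; only issuing a new seed does.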

To conclude, there is still no news from RSA about a full replacement of the 40 million SecurID tokens, although I doubt that it will happen. However, the silence from the attacked party has raised a very big question for current users: their tokens might have been fatally compromised. Keep up with ITSC to get more news on this issue.

About Alan Tay

This blog is owned and operated by myMediaInc. My Media operates content based online portals for IT professionals, technology managers and decision makers as well as business leaders. We publish original quality content focused in Software Development, IT Security, SaaS, Cloud Computing, Outsourcing, Project Management and Mobile and Wireless. Our mission is to explore how to help you optimize your resources in each of these areas.

Find us here IT Security Column.
