Linked by HAL2001 on Sun 20th Mar 2011 08:57 UTC
Privacy, Security, Encryption

RSA suffered a breach and data loss following an "extremely sophisticated cyber attack." Their investigation revealed that the information extracted from the company systems is related to its SecurID two-factor authentication products. The news of the incident spread through the community like wildfire and information security professionals are offering their take on this incident. We still don't know the technical details, but it's certain that RSA's brand has taken a big hit.
RE: Levelling the playing field
by Soulbender on Mon 21st Mar 2011 04:42 UTC in reply to "Levelling the playing field"

but I would hope the entire system is open-spec such that it has been audited by the greater security community for potential flaws.


You'd think so and you'd be wrong. It's closed-sauce secret magic all the way. Think of it as a glorified shared secret (ok, it's more complicated). I had to do a little work with SecurID a while back and I found it odd that companies would put so much trust in it.

On a related note, I found it funny that someone in the linked articles (can't remember who, can't be arsed to check) described SecurID as a pre-determined sequence of random numbers. Uh, hello? It's either pre-determined or random, it can't be both. This person should probably stay the f--k away from security.

Edited 2011-03-21 04:44 UTC
