RSA attacked, SecurID possibly compromised

[WobbleWobble]

http://www.rsa.com/node.aspx?id=3872

I haven't heard what the mediation steps are. It also had me thinking about Mozy, since EMC owns both companies. Be sure to use a private key (if applicable) when using cloud backup services.

 

[Chiefcrowe]

wow this is pretty scary! Please post any other details if you find them....

 

[WobbleWobble]

This is the same information in the email we got from RSA

http://www.sec.gov/Archives/edgar/data/790070/000119312511070159/dex992.htm

Most relate to phishing/social engineering, so I'm guessing that they need a piece of information from the user. Possibly the serial number of the token?

 

[Chiefcrowe]

here's another article i found on it

http://arstechnica.com/security/new...nt-allow-direct-attack-on-secureid-tokens.ars

 

[E411]

I suspect that either

1) A private key that is used to create SecurID hashes was stolen or reverse engineered

or

2) Someone was able to dump the internal Serial->Tokencode database from their internal systems.

in case #1, it seems the risk requires someone to steal your internal database, or perhaps somehow generate the private key via the serial number.

I suspect #2 is more accurate, which means that an attacker still has to know your serial number AND your PIN, but the security of the system is still substantially compromised.

I am interested to see if the DoD or other groups soon ban the use of SecurID, or require new tokens to be purchased, due to this compromise.