[ale] Thursday ALE meeting-RSA security breach

Paul Cartwright ale at pcartwright.com
Fri Mar 18 13:45:44 EDT 2011


On 3/18/2011 1:37 PM, John Pilman wrote:
> I just want to say, I got a lot out of the talk last night about
> security and GnuPG.  Thanks David.
The company I contract to uses this method for logging in...


http://www.nytimes.com/external/venturebeat/2011/03/18/18venturebeat-rsa-security-breach-leaves-data-for-40m-empl-21812.html

The servers of RSA, the security division of information storage giant
EMC, have been breached and sensitive information from more than 40
million employees may have been compromised.

The information at risk is the two-factor authentication tokens used by
employees to access corporate and government networks.

The RSA authentication security system uses these tokens to create a
time-sensitive number for an employee to enter along with his or her
password.

This additional security measure is important because it prevents
attempts from hackers who may have uncovered an employee’s password. If
the hackers were able to access information from a particular company,
they might be able to generate the password for one of its tokens.

Says RSA Executive Chairman Art Coviello, “While at this time we are
confident that the information extracted does not enable a successful
direct attack on any of our RSA SecurID customers, this information
could potentially be used to reduce the effectiveness of a current
two-factor authentication implementation as part of a broader attack.”

RSA’s system is currently used by approximately 25,000 organizations,
including banks and the US military.

RSA contacted customers asking them to follow a number of cautionary
practices. The company says it is examining the breach and is working
with the authorities; there is no doubt more information will be
announced shortly.


-- 
Paul Cartwright


