securid
Latest
RSA offering SecurID replacements following Lockheed Martin attack
We'd already had a pretty clear indication that information obtained in the massive RSA hack back in March was used in the attack on Lockheed Martin last month, and RSA has now confirmed that itself for the first time. What's more, Executive Chairman Art Coviello has also announced that the company is willing to provide security monitoring services to those concerned, and even replace existing SecurIDs free of charge for "virtually every customer" it has. Considering that millions of the tokens are now in use, that could add up to quite the bill. Not surprisingly, however, he isn't divulging many more details about the attack itself, noting only that the attacker's "most likely motive" was to use the information to "target defense secrets and related IP, rather than financial gain."
RSA SecureID hackers may have accessed Lockheed Martin trade secrets, cafeteria menus (update: no data compromised)
RSA SecureID dongles add a layer of protection to everything from office pilates class schedules to corporate email accounts, with banks, tech companies, and even U.S. defense contractors using hardware security tokens to protect their networks. Following a breach at RSA in March, however, the company urged clients to boost other security methods, such as passwords and PIN codes, theoretically protecting networks from hackers that may have gained the ability to duplicate those critical SecureIDs. Now, Lockheed Martin is claiming that its network has come under attack, prompting RSA to issue 90,000 replacement tokens to Lockheed employees. The DoD contractor isn't detailing what data hackers may have accessed, but a SecureID bypass should clearly be taken very seriously, especially when that little keychain dongle is helping to protect our national security. If last month's Sony breach didn't already convince you to beef up your own computer security, now might be a good time to swap in 'Pa55werD1' for the rather pathetic 'password' you've been using to protect your own company's trade secrets for the last decade. [Thanks to everyone who sent this in] Update: According to Reuters, Lockheed Martin sent out a statement to clarify that it promptly took action to thwart the attack one week ago, and consequently "no customer, program or employee personal data has been compromised." Phew! [Thanks, JD]
RSA hacked, data exposed that could 'reduce the effectiveness' of SecurID tokens
If you've ever wondered whether two-factor authentication systems actually boost security, things that spit out pseudorandom numbers you have to enter in addition to a password, the answer is yes, yes they do. But, their effectiveness is of course dependent on the security of the systems that actually generate those funny numbers, and as of this morning those are looking a little less reliable. RSA, the security division of EMC and producer of the SecurID systems used by countless corporations (and the Department of Defense), has been hacked. Yesterday it sent out messages to its clients and posted an open letter stating that it's been the victim of an "advanced" attack that "resulted in certain information being extracted from RSA's systems" -- information "specifically related to RSA's SecurID two-factor authentication products." Yeah, yikes. The company assures that the system hasn't been totally compromised, but the information retrieved "could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack." RSA is recommending its customers beef up security in other ways, including a suggestion that RSA's customers "enforce strong password and pin policies." Of course, if security admins wanted to rely on those they wouldn't have made everyone carry around SecurID tokens in the first place. [Thanks to everyone who sent this in]
Oh, by the way: July 22, 2009
Here's some of the other stuff that happened in the wide world of mobile for Wednesday, July 22nd, 2009: For some reason known only to Samsung, it seems the S9110 watchphone won't be coming to the UK any time soon. Of course, if you've got unlocked GSM 900 / 1800 units floating around France this month, it should be a simple matter to get 'em anywhere in Europe. LG's second quarter report revealed an astounding 32 percent jump in phone shipments quarter-over-quarter, setting an all-time best 29.82 million units. The company specifically calls out the next Black Label phone -- presumably the BL40 -- as one of the phones it's pinning its hopes and dreams on toward the end of the year. [Via mocoNews] iPhones can now be used to generate RSA SecurID tokens, which should make a great many enterprise iPhone users happier than pigs in poo. Google Maps 3.2 has been released for Windows Mobile and S60. The big feature here is layered data, meaning you can add and remove different bits of information (Latitude, traffic, and so on) one layer at a time. A picture atop Samsung USA's mobile site suggests a new QWERTY slider is destined for MetroPCS. It's labeled Messager, but looks nothing like the Messager we're acquainted with -- instead, it looks suspiciously like Bell's Vice. [Via Phone Scoop]
Blizzard Authenticator passcode token adds anti-theft enchantment to your World of Warcraft account
Nothing's worse than when you log on to raid Onyxia only to find that some loser sold all your elite loot. Fear not, vulnerable World of Warcraft denizens, for Blizzard is here to sell you the $6.50 "Blizzard Authenticator" dongle. Reacting to an upswing in account theft incidents, Blizzard has released a security token that allows hardcore users to add another layer of protection to their high-level (and attractive) characters. The device is basically a SecurID token with a six-digit code that you'll need to keep with you any time you want to get your groove on in Azeroth. By the way, we dare you to put this on your keychain and wear it with pride.
UPEK Eikon To Go RSA key comes with a built-in fingerprint reader
Although RSA's SecurID two-factor authentication system is pretty solid (except for when the keys go out of sync), it looks like organizations with even more stringent security requirements might be interested in UPEK's new Eikon To Go RSA key, which adds a fingerprint reader to the mix. Yep, nothing really too wild -- but it's definitely one of the cooler-looking SecurID keys we've seen out there.
PayPal to offer security key fobs for additional account protection
For every stupendous scam that crafty / immoral individuals pull off on eBay, there's at least a couple phishing scams out there trying to jack your precious eBay or PayPal password and access your hard-earned dollars. PayPal is readying a VeriSign security key that will resemble the RSA SecureID we corporate workers are all too familiar with with, and will sport a monochrome LCD screen that rotates a six-digit password every 30 seconds. Clients who opt to use this device will be able to enter it along with their usual username / password credentials when logging in, which would prevent scammers from accessing their account without the key fob in hand. The firm has been testing the device with employees for "several months," and plans to start trialing it with customers "within a month or so." Personal account owners in America, Germany, and Australia will eventually have the option of picking one up for a one-time fee of $5, while business accounts will receive the unit gratis, but if you're not savvy enough to pass on by those tempting scams, five bucks could be a small price to pay to keep your cash out of strangers' hands.[Via jkOnTheRun]
