rsa security
Latest
RSA SecureID hackers may have accessed Lockheed Martin trade secrets, cafeteria menus (update: no data compromised)
RSA SecureID dongles add a layer of protection to everything from office pilates class schedules to corporate email accounts, with banks, tech companies, and even U.S. defense contractors using hardware security tokens to protect their networks. Following a breach at RSA in March, however, the company urged clients to boost other security methods, such as passwords and PIN codes, theoretically protecting networks from hackers that may have gained the ability to duplicate those critical SecureIDs. Now, Lockheed Martin is claiming that its network has come under attack, prompting RSA to issue 90,000 replacement tokens to Lockheed employees. The DoD contractor isn't detailing what data hackers may have accessed, but a SecureID bypass should clearly be taken very seriously, especially when that little keychain dongle is helping to protect our national security. If last month's Sony breach didn't already convince you to beef up your own computer security, now might be a good time to swap in 'Pa55werD1' for the rather pathetic 'password' you've been using to protect your own company's trade secrets for the last decade. [Thanks to everyone who sent this in] Update: According to Reuters, Lockheed Martin sent out a statement to clarify that it promptly took action to thwart the attack one week ago, and consequently "no customer, program or employee personal data has been compromised." Phew! [Thanks, JD]
RSA hacked, data exposed that could 'reduce the effectiveness' of SecurID tokens
If you've ever wondered whether two-factor authentication systems actually boost security, things that spit out pseudorandom numbers you have to enter in addition to a password, the answer is yes, yes they do. But, their effectiveness is of course dependent on the security of the systems that actually generate those funny numbers, and as of this morning those are looking a little less reliable. RSA, the security division of EMC and producer of the SecurID systems used by countless corporations (and the Department of Defense), has been hacked. Yesterday it sent out messages to its clients and posted an open letter stating that it's been the victim of an "advanced" attack that "resulted in certain information being extracted from RSA's systems" -- information "specifically related to RSA's SecurID two-factor authentication products." Yeah, yikes. The company assures that the system hasn't been totally compromised, but the information retrieved "could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack." RSA is recommending its customers beef up security in other ways, including a suggestion that RSA's customers "enforce strong password and pin policies." Of course, if security admins wanted to rely on those they wouldn't have made everyone carry around SecurID tokens in the first place. [Thanks to everyone who sent this in]
