This article has been reposted with updates below.
In mid-March security vendor RSA publicly announced that hackers had successfully compromised parts of their network and extracted information relating to their SecurID products.
“Our investigation has led us to believe that the attack is in the category of an Advanced Persistent Threat (APT). Our investigation also revealed that the attack resulted in certain information being extracted from RSA’s systems. Some of that information is specifically related to RSA’s SecurID two-factor authentication products.”
RSA SecurID is widely used to provide two-factor authentication for Exchange OWA, Citrix, VPNs, and other corporate remote access. If you use SecurID products, it would be wise to keep up to date with this story as it develops.
More information from RSA can be found here.
- ZDNet: RSA breach report lacks depth
- Bruce Schneier writes “RSA Data Security, Inc. is probably pretty screwed if SecurID is compromised. Those hardware tokens have no upgrade path, and would have to be replaced. How many of the company’s customers will replace them with competitors’ tokens. Probably a bunch. Hence, it’s in RSA’s best interest for their customers to forget this incident as quickly as possible.”
- Anatomy of an Attack – RSA’s Uri Rivner describes the attack in more detail
- RSA says “disclosure could compromise clients”