Right. I've been patient. We've all been patient. But now I think it's time that RSA come clean about exactly what they lost when they were compromised earlier this year. We've now had reported attacks against Lockheed Martin, L-3 Communications and Northrop Grumman all of which have been linked with the use of SecurID tokens as an attack vector. Is the reporting correct? No idea. Is damage being done to RSA regardless? Oh yes.
What harm can come now from RSA posting details of what was compromised? I'm aware that RSA are in talks with their bigger customers but I don't think that this is enough. It certainly doesn't help me if I'm considering implementing a new two-factor authentication solution; why on earth would I consider SecurID at this time?
Final points to consider. It's probably fair to state now that whomever compromised RSA has used that information to attack their first tranche of targets. The surprise element is now gone and top tier targets should now be on the lookout for similar incursions. So what's the value now to the attackers in keeping whatever they got from RSA close to their chests? I daresay there'll be a bit of probing of some of their second tier targets (banks anyone?) before the attackers decide that they've realised most of the value of their initial RSA compromise. Depending on how mischievous they feel, I wouldn't necessarily be surprised to see the compromised RSA materials appear on the Internet in the near future - if only as a means to cause significant pain and disruption to the rest of the RSA user base. Do state-sponsored hackers still do it for the lulz? Guess we'll find out soon enough.
*********UPDATED************
Open letter from RSA to their customers:
http://www.rsa.com/node.aspx?id=3891
Still no real details though. Ho hum.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment