RSA offer to replace tokens is weak if defense-industry attackers can make their own

RSA offers to replace tokens at Lockheed, L3, Northrup, following RSA breach in March


The NYT ran estimates that more than 260 million people use RSA SecureID tokens, though that seems a high estimate for IDs that are in current, regular use.

Compared to that, replacing 45,000 that were directly affected is a pretty weak response.

With as much insider knowledge as they must have gained from the RSA breach, attackers with the kind of resources available to a foreign-national intelligence agency could do more than just clone a few electronic tokens.

It could reverse-engineer SecureID's lower-level code and build tools that would let them crack sites whose RSA tokens and security weren't part of the loot taken in March.

Replacing a few directly compromised IDs just isn't going to make enough of a difference.

Join us:






Answers - Powered by ITworld

Ask a Question