RSA Security not really secure at all
RSA Security may need to consider changing its name to RSA “Security” after a hacking attack in March compromised 40 million SecurID tokens, which must now be replaced. SecurID tokens provide a two-factor authentication system which makes unauthorized access to user data virtually impossible. Using an algorithm and a unique seed for each token, the token generates a pseudo-random number every 30 to 60 seconds, which is entered in addition to the user’s password when logging on to whatever secure account is connected to the token. It sounds like an impenetrable method for keeping accounts secure, and it is, as long as the token vendor isn’t hacked and its algorithm and seeds aren’t compromised. Once the security of the tokens has been circumvented, user accounts are left vulnerable to basic password-compromise techniques, like keylogging and password reuse.
RSA initially claimed that the attack on it would not allow any “direct attacks” on SecurID tokens, but its latest plans to replace the 40 million tokens that are currently in use lead many to believe that the security offered by RSA wasn’t everything the company promised it would be. Lockheed Martin, a client of RSA, suffered a hacking attack following the attack on RSA in March, and it’s rumored that other corporate clients, like Northrop Grumman and L-3 Communications, faced similar hacking attempts.
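The seed-plus-time scheme described above, and why exposed seeds force a token replacement, can be shown in a short added example (not code from RSA or from the original article). The vendor's algorithm is proprietary, so the public RFC 6238 TOTP construction stands in for it; `AuthServer`, the user name, the seeds and the timestamp are constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP = 60  # seconds per code; the article says 30 to 60


def token_code(seed: bytes, now: int, step: int = STEP, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1), a public stand-in for the vendor algorithm."""
    counter = struct.pack(">Q", now // step)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class AuthServer:
    """Hypothetical server that stores one seed per user."""

    def __init__(self):
        self.seeds = {}

    def enroll(self, user, seed):
        self.seeds[user] = seed  # re-enrolling replaces the old seed

    def verify(self, user, code, now):
        seed = self.seeds.get(user)
        if seed is None:
            return False
        # Accept the current and the previous step to tolerate clock drift.
        return any(hmac.compare_digest(token_code(seed, now - d), code)
                   for d in (0, STEP))


def demo():
    now = 1_300_000_000                  # constructed timestamp
    old_seed = b"constructed-seed-old"   # constructed sample values
    new_seed = b"constructed-seed-new"
    server = AuthServer()
    server.enroll("alice", old_seed)
    # The code depends only on seed and time, so a copy of the seed
    # record yields the same code the hardware token displays.
    code_from_copy = token_code(old_seed, now)
    before = server.verify("alice", code_from_copy, now)
    server.enroll("alice", new_seed)     # token replaced, new seed issued
    after = server.verify("alice", code_from_copy, now)
    return before, after


if __name__ == "__main__":
    print(demo())
```

Once the server holds a fresh seed, codes derived from the exposed one no longer verify, which is what replacing the tokens achieves.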
The lesson to be taken from this is to make sure your passwords are well-chosen and random. Using two-factor authentication is a secure option, but you’re never entirely safe. The more paranoid you are about your online security, the better. And remember: just because you’re paranoid doesn’t mean they’re not out to get you. (Via Ars Technica)