Attacks/Breaches
11/15/2011
10:43 AM
50%
50%

RSA Breach: Eight Months Later

Worries still linger of future attacks, but experts hope the event shook industry out of black-and-white security mentality.

10 Massive Security Breaches
(click image for larger view)
Slideshow: 10 Massive Security Breaches
More than eight months after the RSA SecurID breach bombshell was dropped on the industry, security professionals still whisper among themselves at the long-term ramifications of what RSA called the extraction of "information related to the RSA SecurID product." To this day, RSA still won't confirm what exactly was stolen from its systems, but speculation has run high that the token seeds were compromised in some way.

Given the paucity of information coming from its quarters, security experts are left to speculate on whether we may still see an attack leveraging information stolen from RSA. But the bigger question may be how the breach will change the authentication scene and the security industry at large.

For its part, RSA doesn't try to sugarcoat things. Company spokespeople couldn't say there would be no future attacks using old tokens, but did point out to the best of RSA's knowledge there's only been one customer confirmed to have been attacked using information stolen from RSA in the breach, that being an attack against Lockheed Martin that the defense contractor was able to stave off.

"Since there's no such thing as perfect security, it's impossible to predict what could happen. Nevertheless, we worked proactively and openly with customers immediately after the attack in March and continue to do so," said Eddie Schwartz, chief security officer at RSA. "We hardened our IT infrastructure and the processes related to SecurID manufacturing and delivery. Since March 2011, customers have been implementing our recommended best practices and remediation steps based on their views of the risk in this situation."

According to Rick Moy, CEO of NSS Labs, a security analyst and testing firm, even now it's hard to tell how sustained the long-term risks are without more information released from RSA.

"We still don't know what we don't know," Moy says. "I think it's hard to say without knowing how many of the tokens that RSA has replaced. There very well could be additional incidents out there. It's hard to close the book on it because they haven't really come forth with details."

Schwartz and RSA would not say how many tokens have been replaced so far, but that many customers have opted not to replace their tokens in favor of other mitigation techniques.

Read the rest of this article on Dark Reading.

In today's uncertain and highly scrutinized financial services industry, achieving effective risk management is vital for survival. The report examines the need for enterprise risk management, the benefits of holistic data management, and ERM best practices. Download the report now. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: just wondering...Thanx
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.