RSA hacker found use for SecureID algorithm

[ShadowStriker]

Link

Well it didn’t take long for whoever cracked RSA to find a lock to fit that key.
Last weekend was bad for a very large U. S. defense contractor that uses SecureID tokens from RSA to provide two-factor authentication for remote VPN access to their corporate networks. Late on Sunday all remote access to the internal corporate network was disabled. All workers were told was that it would be down for at least a week. Folks who regularly telecommute were asked to come into nearby offices to work. Then earlier today (Wednesday) came word that everybody with RSA SecureID tokens would be getting new tokens over the next several weeks. Also, everybody on the network (over 100,000 people) would be asked to reset their passwords, which means admin files have probably been compromised.

It seems likely that whoever hacked the RSA network got the algorithm for the current tokens and then managed to get a key-logger installed on one or more computers used to access the intranet at this company. With those two pieces of information they were then able to get access to the internal network.

 

[C7J0yc3]

Funny that all they needed to do to prevent this was get new tokens right after RSA got hacked and changed their algorithm. In fact they put out whitepaper suggesting that any network currently using their 2 auth tokens were to be considered compromised until new tokens were issued and passwords were reset.

It still amazes me how lax companies large and small are about security because of "Acceptance of Risk" aka would it cost more to secure our stuff in the first place, or mop up the mess afterwards.

 

[DSee]

Yes,

We're required to change our passcode to 8-digit.