18 Mar 2011
RSA is warning its customers that the company has suffered a security breach after hackers sought out details on its SecurID system.
In an open letter to customers, Art Coviello, RSA's former chief executive and current executive chairman, warned that an Advanced Persistent Threat (APT) attack had partially succeeded in getting into RSA's confidential systems.
So far the intrusion seems to be limited to the SecurID software, but customers are warned to be on their guard. Coviello said that other EMC corporate systems had not been breached.
"While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers, this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack," he said.
"We are very actively communicating this situation to RSA customers and providing immediate steps for them to take to strengthen their SecurID implementations."
The SecurID system is used by over 20,000 corporations and banking companies to provide two-factor authentication. Software generates seemingly random numbers on a hardware token or software tool, and those are synchronised with a central server to provide login identification.
The term APT refers to a combination attack that uses hacking, social engineering and more traditional espionage to breach security systems over an extended period. Experts acknowledge that such attacks are impossible to defeat over time.
Securing the end point takes more than just a token
The news from RSA that it has been subject to a serious cyber attack, and the subsequent industry speculation that millions of two-factor authentication tokens are now at risk, highlights once again that a range of security devices and procedures need to be in place to protect sensitive data. However well protected information held centrally might be, securing the end point is still every bit as important as it has always been, maybe even more so as hackers and malware become ever more sophisticated, as the RSA case highlights. Where information is accessed at the end point, if that end point is compromised the corporate network could be too. While a token may help to prove who the user is, malware on a home computer that has access to the network via a browser could still provide a security threat. Home computers, laptops and thin clients could still be subject to attacks from key loggers and screen scrapers. Securing the end point in a cost efficient way is a tricky problem but one that can be addressed in a relatively straightforward way. The latest secure remote working solutions based on encryption can provide a secure remote environment totally isolated from the host machine. Some of these systems have been approved by the UK Government for use with sensitive data, and can give additional layers of security to platforms such as VMware and Citrix, ensuring that data remains safe. Marc Hocking, CTO, Becrypt. www.becrypt.com
Posted by: Marc Hocking 21 Mar 2011