[ISN] InsecureID: No more secrets?

From: InfoSec News <alerts_at_private>
Date: Fri, 27 May 2011 02:04:28 -0500 (CDT)

By Robert X. Cringely
I, Cringely
May 25th, 2011 

Back in March I heard from an old friend whose job it is to protect his 
company’s network from attack. “Any word on just what was compromised at 
RSA?” he asked, referring to how the RSA Data Security division of EMC 
had been hacked. “I suspect it was no more than a serial number, a seed, 
and possibly the key generation time. The algorithm has been known for 
years but unless they can match a seed to an account it is like having a 
key without knowing what lock it fits. That might simplify a brute force 
attack but first the attacker would need something to brute force…”

Well it didn’t take long for whoever cracked RSA to find a lock to fit 
that key.

Last weekend was bad for a very large U. S. defense contractor that uses 
SecurID tokens from RSA to provide two-factor authentication for remote 
VPN access to their corporate networks. Late on Sunday all remote access 
to the internal corporate network was disabled. All workers were told 
was that it would be down for at least a week. Folks who regularly 
telecommute were asked to come into nearby offices to work. Then earlier 
today (Wednesday) came word that everybody with RSA SecurID tokens 
would be getting new tokens over the next several weeks. Also, everybody 
on the network (over 100,000 people) would be asked to reset their 
passwords, which suggests that credential or admin files have probably 
been compromised as well.

It seems likely that whoever hacked the RSA network got the seed records 
for the current tokens (the algorithm itself has been public for years, as 
noted above; the per-token seed is what turns it into a working key) and 
then managed to get a key-logger installed on one or more computers used 
to access the intranet at this company, capturing users' PINs and 
passwords. With those two pieces they could generate valid token codes 
for those users and get access to the internal network.

The contractor's data security folks saw this coming, though not well 
enough to stop it. Shortly after the RSA breach they began requiring a 
second password for remote logins. But that wouldn't help against a 
key-logger attack: a key-logger captures the second password just as 
easily as the first.
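To make the failure mode above concrete, here is an added illustration (not code from the column, and not RSA's SecurID algorithm, whose internals are not described on this page). The token is modelled with RFC 6238 TOTP (HMAC-SHA1 over a 30-second counter), which has the one property that matters: the code is a deterministic function of the seed and the clock. The seed, PIN, password, user name and VpnServer class are all constructed for the example. An attacker holding the stolen seed plus a key-logged PIN and second password passes the server's check; a key-logged code alone goes stale within a minute or so.

```python
"""Why a leaked token seed plus a key-logger defeats two-factor VPN login.

Illustrative model only: the one-time code is RFC 6238 TOTP, standing in for
a SecurID token. Seed, PIN, password and user are constructed sample data.
"""
import hashlib
import hmac
import struct

STEP = 30      # seconds per code
DIGITS = 6


def token_code(seed: bytes, t: int) -> str:
    """The code a hardware token (or anyone holding its seed) shows at time t."""
    counter = struct.pack(">Q", t // STEP)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10**DIGITS:0{DIGITS}d}"


class VpnServer:
    """Authentication server: per-user seed record, PIN and the extra password."""

    def __init__(self, records: dict):
        self.records = records   # user -> {"seed": bytes, "pin": str, "password": str}

    def login(self, user: str, pin: str, code: str, password: str, t: int) -> bool:
        rec = self.records[user]
        if not hmac.compare_digest(pin, rec["pin"]):
            return False
        if not hmac.compare_digest(password, rec["password"]):   # the "second password"
            return False
        # Accept one step of clock drift either way; anything older is rejected.
        for drift in (-STEP, 0, STEP):
            if hmac.compare_digest(code, token_code(rec["seed"], t + drift)):
                return True
        return False


# Constructed sample data, not a real seed or real credentials.
SEED = bytes.fromhex("3132333435363738393031323334353637383930")
SERVER = VpnServer({"alice": {"seed": SEED, "pin": "4821", "password": "s3cond-pw"}})


def legitimate_login(t: int) -> bool:
    """Alice reads the code off her own token and logs in."""
    return SERVER.login("alice", "4821", token_code(SEED, t), "s3cond-pw", t)


def attacker_with_seed(stolen_seed: bytes, keylogged: dict, t: int) -> bool:
    """Attacker holds the seed record from the RSA breach and the key-logged PIN
    and password; the code itself is simply recomputed from the seed."""
    return SERVER.login("alice", keylogged["pin"], token_code(stolen_seed, t),
                        keylogged["password"], t)


def attacker_without_seed(keylogged: dict, t: int) -> bool:
    """Key-logger alone: the PIN and password were captured, but the only token
    code it saw was typed ten minutes ago and has long since rotated."""
    stale_code = token_code(SEED, t - 600)
    return SERVER.login("alice", keylogged["pin"], stale_code,
                        keylogged["password"], t)


if __name__ == "__main__":
    now = 1300000000                      # fixed clock so the run is reproducible
    captured = {"pin": "4821", "password": "s3cond-pw"}
    print("legitimate user     :", legitimate_login(now))
    print("seed + key-logger   :", attacker_with_seed(SEED, captured, now))
    print("key-logger only     :", attacker_without_seed(captured, now))
```

The second password adds nothing once a key-logger sits on the client, because it is typed on the same keyboard as the first; what actually blocks the attacker is denying them the seed (hence the token replacement) and re-keying the passwords they have already captured (hence the reset).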

