Tuesday, 07 June 2011 15:41

RSA Agrees to Replace Security Tokens After Admitting Compromise

Nearly three months after RSA Security was breached by hackers, the company has announced it will replace the security tokens for nearly all of its SecurID customers.

The move, announced in a letter to customers on Monday, comes after news that defense contractor Lockheed Martin was reportedly breached by hackers using duplicates of the SecurID keys that RSA had issued the contractor.

Other defense contractors, including L-3, also appear to have been targeted by hackers using inside SecurID information apparently stolen from RSA.

SecurID adds an extra layer of protection to a login process by requiring users to enter a secret code number displayed on a keyfob, or in software, in addition to their password when they log into their networks. The number is cryptographically generated and changes every 30 seconds.

Last March, RSA, and its parent company EMC, announced that hackers had succeeded in stealing information related to its SecurID system. EMC maintained publicly, however, that customers didn’t need to worry about changing their keys, and that data stolen in the hack could not be used to directly. Instead, EMC advised customers to increase the length of employee PINs or passwords that are used in conjunction with the SecurID system.

But in its letter to customers on Monday, the security giant acknowledged that data stolen from it had been used to directly hack Lockheed Martin and also revealed that since SecurID was breached last March, RSA had been working quietly behind the scenes with government and military contractor customers to replace their SecurID tokens. The company said it did so after forensic analysis of the RSA hack showed that the attackers were looking to obtain information they could use specifically to breach defense contractors.

“Certain characteristics of the attack on RSA indicated that the perpetrator’s most likely motive was to obtain an element of security information that could be used to target defense secrets and related IP, rather than financial gain, PII, or public embarrassment,” RSA Executive Chairman Art Coviello wrote in the letter. “For this reason, we worked with government agencies and companies in the defense sector to replace their tokens on an accelerated timetable as an additional precautionary measure.”

The company is now offering to work with other customers to replace their tokens as well.

Photo: RSA SecurID tokens (br2dotcom/Flickr)

Kim Zetter is a senior reporter at Wired covering cybercrime, privacy, security and civil liberties.
Follow @KimZetter on Twitter.
