Author Topic: Security by obscurity fails again (RSA)  (Read 1272 times)

daddydave

Security by obscurity fails again (RSA)
« on: June 07, 2011, 08:36:22 PM »
Quote
RSA Security will replace virtually every one of the 40 million SecurID tokens currently in use as a result of the hacking attack the company disclosed back in March. The EMC subsidiary issued a letter to customers acknowledging that SecurID failed to protect defense contractor Lockheed Martin, which last month reported a hack attempt....

RSA Security Chairman Art Coviello said that the reason RSA had not disclosed the full extent of the vulnerability was because doing so would have revealed to the hackers how to perform further attacks. RSA's customers might question this reasoning; the Lockheed Martin incident suggests that the RSA hackers knew what to do anyway—failing to properly disclose the true nature of the attack served only to mislead RSA's customers about the risks they faced.






from Ars Technica (hate that graphic)
If bad things happen to other people, it's karma. If bad things happen to me, it's kismat!
« Last Edit: June 08, 2011, 04:56:29 AM by daddydave »

40hz

Re: Security by obscurity fails again (RSA)
« Reply #1 on: June 08, 2011, 10:27:44 AM »
IMO not disclosing the full extent of the vulnerability serves no real purpose other than to allow RSA to attempt to hide, from its SecurID customers, the sand their castles are built on.  :-\

As the article pointed out, the hackers already seemed to know what to do.
« Last Edit: June 08, 2011, 10:34:37 AM by 40hz »

phitsc

Re: Security by obscurity fails again (RSA)
« Reply #2 on: June 08, 2011, 01:45:53 PM »
Good timing with the replacement. Mine just got broken ;) I hope they use the chance to make them a bit more sturdy :)