RSA comes clean, SecurID is compromised

[Maguscreed]

It took them long enough.

RSA Security will replace virtually every one of the 40 million SecurID tokens currently in use as a result of the hacking attack the company disclosed back in March. The EMC subsidiary issued a letter to customers acknowledging that SecurID failed to protect defense contractor Lockheed Martin, which last month reported a hack attempt.
SecurID tokens are used in two-factor authentication systems. Each user account is linked to a token, and each token generates a pseudo-random number that changes periodically, typically every 30 or 60 seconds. To log in, the user enters a username, password, and the number shown on their token. The authentication server knows what number a particular token should be showing, and so uses this number to prove that the user is in possession of their token.

RSA finally comes clean: SecurID is compromised

 

[FliGi7]

The media has no clue what information was relayed to defense contractors about the compromise, I can assure you. Good scaremongering article, though.

 

[Maguscreed]

Well the fact remains they were compromised. As to the level it's kind of a moot point.

 

[FliGi7]

That they were.

 

[fseal]

Things like this are so disheartning.

If you can't trust security companies to not get hacked, what hope is there for anyone, big, small, company or individual?

Laziness and stupidity are rampant desieses, even among the very people that should be niether and that you place your trust in. They take your money and they provide.... nothing at all? Worse, a false sence of security. And we are about to embark on a major foray into trusting the internet 10 times as much as we ever have with this cloud computing stuff.

Still waiting for the day when people "Get it togeather". Will probably die waiting...

 

[Maguscreed]

Well there is no unhackable system.
You would think a entity like this would be actively monitoring things with real live people instead of just software though. A living person can always cut the physical connection.
...and that's the only thing you can do in some instances.

There will come a day when you can't "not" use it and still have access to the internet like you do today.

Then I will miss the internet when that day comes.
I'll join it when I decide I'm comfortable taking my morning showers in my front yard.

 

[seekermeister]

Things like this are so disheartning.

If you can't trust security companies to not get hacked, what hope is there for anyone, big, small, company or individual?

Laziness and stupidity are rampant desieses, even among the very people that should be niether and that you place your trust in. They take your money and they provide.... nothing at all? Worse, a false sence of security. And we are about to embark on a major foray into trusting the internet 10 times as much as we ever have with this cloud computing stuff.

Still waiting for the day when people "Get it togeather". Will probably die waiting...

The obvious solution to Cloud is not to use it.

 

[Airbot]

There will come a day when you can't "not" use it and still have access to the internet like you do today.

 

[Maguscreed]

I've never understood the logic behind cloud computing. Though honestly I've personally had a large enough interest in it to delve in far enough to gain a deep understanding. I see it making sense on some level in a mostly closed internal network. The way they are talking about implementing it though. I honestly don't see it ever gaining popularity.

Perhaps in some sort of futuristic public terminal kind of capacity just for general information reasons. I just never see it as being viable for even most business and definitely not for home use though.

 

[seekermeister]

There will come a day when you can't "not" use it and still have access to the internet like you do today.

If that is so, then I will either take what ever kind of access that I can get without Cloud, or I will abandon the internet altogether. Since that might mean not being able to access apps and updates that would be needed, it could mean giving up the computer altogether.

Cloud will never cast it's shadow over me, I have my own light to walk by.

 

[FliGi7]

For an enterprise or government entity, the cloud offers offloading of risk and security management, particularly when there is FISMA and FIPS compliance. Whether or not it makes logical or monetary sense doesn't matter when it offers the former. It's much easier to point a finger than to build security into your infrastructure.

 

[lehnerus2000]

Standard Corporate Behaviour

I've never understood the logic behind cloud computing.

To convince people to pay for something they can already do themselves for "free".
Once they have your data, they can demand constant ever increasing "ransom" payments.

As an added bonus they can sift your data, sell it to "Madison Avenue" and you can receive spam 24/7.

Perhaps in some sort of futuristic public terminal kind of capacity just for general information reasons. I just never see it as being viable for even most business and definitely not for home use though.

It's aimed at the "clowns" who claim you can do everything on a netbook (or tablet) so you don't need a desktop.

 

[Win7User512]

RSA encryption is a great tool. It's a shame their implementation is flawed.

 

[FliGi7]

RSA encryption is a great tool. It's a shame their implementation is flawed.

Their implementation isn't flawed; they were hacked and someone stole integral information about it. RSA is very well implemented but it's obviously not a silver bullet, just like anything else. What's flawed is their network security.

 

[Win7User512]

RSA encryption is a great tool. It's a shame their implementation is flawed.

Their implementation isn't flawed; they were hacked and someone stole integral information about it. RSA is very well implemented but it's obviously not a silver bullet, just like anything else. What's flawed is their network security.

Oh, I see, the article isn't that well written and focuses more on their implementation than the fact they were hacked.

 

[FliGi7]

RSA encryption is a great tool. It's a shame their implementation is flawed.

Their implementation isn't flawed; they were hacked and someone stole integral information about it. RSA is very well implemented but it's obviously not a silver bullet, just like anything else. What's flawed is their network security.

Oh, I see, the article isn't that well written and focuses more on their implementation than the fact they were hacked.

Yea, the article is pretty bad.

 

[Maguscreed]

Yeah sorry about that article I linked it was just the first one I could find available that was more than one or two short sentences on the subject.

 

[FliGi7]

No worries, we're getting the gist of it all hashed out in here anyway. Information on that was/is hard to come by.

 

[Layback Bear]

The hacking smell's like a inside job to me. To me a cloud is some place other than your own where you information is stored. Like Face Book, Sony, email, ect. We all know what can happen when you loose control of your information. Security for cloud computing is 5 years behind where it should be. Cloud computing is being pushed because it's something to sell. Microsoft doesn't sell hard drives but they do sell clouds. This goes for many large companies who are slamming cloud computing up our ying yangs. When the cloud you use gets hacked what do the customers get. The company who owns the cloud says their sorry, they will fix the problem, on and on and on. Have a nice day. Your information is still hacked and you have no control. The RSA was hacked. You check you internal security and then you go back to RSA and pray it won't happen again. Is their another choice?

 

[FliGi7]

Are you sure you posted in the right thread? This has nothing to do with cloud computing.