RSA Security Breach
SecurID Tokens Not Secure.


RSA Security Compromised. 2 Factor Authentication Tokens At Risk.

On 17th March 2011 RSA posted an open letter on their website detailing an online attack which had resulted in "certain information being extracted from RSA's systems".  

Despite a "wall of silence" from RSA, as predicted this stolen data turned out to be the "Seed Files": data from which hackers can predict which one-time password will be displayed on SecurID keyfob tokens, which renders them useless.

  • 26th May 2011. Two large US Defense contractors, Lockheed Martin and L3 Communications, are attacked due to the RSA SecurID breach in March. High-profile, highly secure companies are directly targeted.
  • Update: 7th June 2011. RSA offers to replace all tokens, but ONLY for customers who can prove they have "concentrated user bases typically focused on protecting intellectual property and corporate networks".
  • Update: 8th June 2011. Another US Defense contractor, Northrop Grumman, also attacked.

Softek Comments:

After months of silence, RSA SecurID customers have now been attacked directly. RSA have now officially commented at least, and have at last offered to replace SOME customers' tokens, but only if you meet their criteria.

Such a replacement, while noble, does not address the core issue: the same compromise could happen again to the replacement tokens. Additionally, replacing the tokens will take significant time and effort and cost a significant amount of money for customers directly, who have to manage re-registering the devices and re-issuing the replacements to end users.

The fact is that SecurID tokens are now proven worthless, and security-conscious customers should seriously consider their future use.

We have been receiving a significant number of enquiries from nervous RSA customers wanting to switch away to a secure, flexible technology. Customers can switch to Deepnet DUALShield for less than the RSA renewal costs, so there is no impact on budgets, while security is ensured.

Details of the Initial RSA Hack

Some of that information relates to the EMC-owned company's SecurID two-factor authentication (2FA) products.

  • A link to the full NSS Labs evaluation of this breach can be found below, summarising that RSA SecurID customers should immediately cease remote access, perform a risk assessment and consider alternative solutions.

A former RSA executive claimed that RSA's customers were still in the dark as to whether or not the vendor's centrally stored 'seed records' had been compromised.

"If this was the case, any tokens associated with those seed records would also be compromised".

"Our resellers and end users believe the seed records have been compromised," he said. "This would mean anyone with the Cain and Abel [password recovery] tool could compromise the second-factor token code so only the pin is left. RSA has suggested that customer data has been compromised but it hasn't confirmed whether it is seed data, nor has it denied it."

An RSA distributor commented: "It is very worrying and very scary. We have had a lot of inbound enquiries from partners and customers. The fact RSA has come out publicly and said it's a problem is the right thing to do."

Some further press articles on this matter can be found below.

Softek Advice

Of course this news is very concerning for RSA customers and resellers; however, it has been a matter of speculation for some time that RSA seed files are not secure and that such a compromise was only a matter of time.

Companies, Government departments and all customers have been requesting reassurance that their own systems cannot be compromised, but unfortunately RSA is unable to provide such reassurances at this time.

*NEW* Recent targeted attacks on US Government military defense contractors prove that SecurID tokens are not secure.

Anyone with an RSA token simply doesn't know if they're going to be compromised. It is highly probable that RSA will have to rework, then initiate a recall of, all tokens it has supplied.

Softek recommend that affected RSA customers temporarily disable all remote access and install the Deepnet DUALShield authentication solution. Deepnet can be deployed in minutes, is totally secure, and offers a wide range of flexible, cost-effective software tokens delivered via such methods as SMS and email.

Further Reading