(Image: New Scientist)Hackers mounting an "extremely sophisticated cyber attack" have broken in to the servers of security firm RSA and stolen information linked to the company's SecurID tokens, which are widely used to grant secure access to corporate networks and online bank accounts.
In an open letter on the RSA website, executive chairman Arthur Coviello said the security leak does not pose a direct risk to SecurID users, but the stolen information could be used as part of a "broader attack". It's not clear exactly what that means, but Rich Mogull of information security research firm Securosis suggests that the attackers may have gained the ability to generate valid token values in some cases.
SecurID tokens work by generating an authentication code that users enter in to their computer to gain access to their network or bank account. The token system generates a new code every 30 or 60 seconds, and is normally combined with a separate password. Mogull suggests that if attackers already know a user's password they could potentially generate a valid token and access the system.
This hypothesis seems to agree with recommendations made by RSA's parent company EMC in a filing with the US Securities and Exchange Commission. One document urges RSA customers to ensure their employees use strong passwords and avoid suspicious emails requesting usernames or other credentials. EMC also states that the matter won't "have a material impact on its financial results".
If you personally use a SecurID token, there's probably very little you can do right now to increase your security, but there's also little you actually need to do. Coviello says that RSA is "very actively communicating" with its customers about the steps needed to ensure security, so your employer or bank should soon be in touch with more information.
0 comments:
Post a Comment