It’s been about a week since the RSA breach was announced, so I thought I’d poke around a bit to see if there is anything new on the issue.
Unfortunately, there have been few details since the initial announcement, but to be honest, the articles I’ve read all have an air of real concern hovering in them. Like this quote from Bruce Schneier, chief security technology officer at BT and security blogger, posted at SC Magazine UK:
There seems to be two likely scenarios if the attackers have compromised SecurID. One, they are a sophisticated organisation who wants the information for a specific purpose. The attackers actually are on RSA’s side in the public-relations spin, and we’re unlikely to see widespread use of this information. Or two, they stole the stuff for conventional criminal purposes and will sell it. In that case, we’re likely to know pretty quickly.
Again, without detailed information or at least an impartial assessment, it’s impossible to make any recommendations. Security is all about trust, and when trust is lost there is no security. Users of SecurID trusted RSA to protect the secrets necessary to secure that system. To the extent they did not, the company has lost its customers’ trust.
Donna Howell at Investor’s Business Daily thinks the breach is cause for concern but not panic:
Depending on what data attackers got, experts think it could even spur RSA to recall some of the millions of “security tokens” used by its customers. But RSA parent EMC said it does not believe the matter will have a material impact on its financial results, and the company’s stock rose a fraction on Friday.
While the RSA breach has some wondering about the future of the two authentication systems, others, like Tenable CSO Marcus Ranum think it is a wake-up call, especially for industry. In a conversation with GovInfoSecurity.com, Ranum said:
It shows that malware is not something that you can just blow off. These spear phishing attacks and these types of deep penetration are a serious problem.