If you have ever been around a person who ‘has to log in to the work computer’, or have personally worked for a company that requires you to carry around a little ever-changing digital display keychain token device whose code changes every 20 seconds, you are aware that the employer is serious about security.

Recently, RSA – the company best known for these devices – had a security breach. In response, it has just announced that it will reissue all of these devices to ensure that they cannot be spoofed.

RSA has done a lot to admit to the public what happened. The simple reason they were attacked is that someone who works for them clicked on an email attachment called Recruitment 2011.xls. This was actually an infection – but not the kind that wrecks the computer. This infection is a program that sits on the machine and watches what the user is doing. Over time the ‘hacker’ learns about the person’s role in the company and which branch they are part of, and then figures out how to attack internally – to gain knowledge. For those interested in technical details, you can go directly to the RSA blog site and read up on this here and here.

The strange thing about the RSA blog post is not so much what the RSA blogger writes, but the comments below the post. One would think these comments come from people who want to learn and be intelligent about security. In fact, many of these people spend more time insulting RSA than helping or adding any value to the information in the blog posts.

The Internet is still a terrific place to learn and have fun. It is also a virtual theater of war, allowing corporate espionage and attacks by other countries on competitors and intelligence groups respectively. The tools used to attack today are far more sophisticated than what was available just two years ago. The stereotype of who a hacker is and what his motives are still persists today, but these people are no longer in a house in some US suburb. They are all over the world. In fact, the Chinese government’s entire cyber workforce is larger than the total number of police officers in the United States. This excludes all the mafias and criminal rings that are also endlessly pursuing attacks.

I hope the future holds more solidarity among security professionals instead of these kinds of insults. I ‘understand’ that RSA is a major security corporation, one that security professionals rely on for help with security. At the same time, this attack is more of a wake-up call to corporate America that even the most reputable security organizations are subject to attack.

I know I am probably an idealist, but we are running out of time to simply insult one another when we are being attacked daily. From a computer-culture standpoint, the West needs more sincere discussion online and fewer insulting comments. We will be a stronger cyber nation as a result of this unfortunate event. I know RSA will only get better from the fallout of this event.

  1. Well put Ari – the insults and back-biting are completely counter-productive. What good is it to make sport of an organization that 1) was the victim of a targeted cyber attack; 2) is taking an immense business and brand hit for the response; 3) is doing what it can to help its customers stay secure; and 4) is getting torn apart in the media, on Twitter and all the other security forums for trying to do the right thing… It’s a vicious world out there and the highly negative mob mentality frequently prevails, especially when fueled by salacious and inaccurate media articles and blogs that overly simplify the issue.