Monday, April 4, 2011

RSA release a few details on their big security breach - 04 Apr 2011

In mid-March, Naked Security reported that RSA's executive chairman, Art Coviello, had revealed a doozie of a cyber-attack story: hackers had broken into RSA servers and stolen information related to the company's SecurID two-factor authentication products.

On Friday - ironically April Fools' Day - Uri Rivner, head of new technologies and consumer identity protection at RSA, posted a blog entry releasing additional details on the RSA security breach.

It is a very long article, which provides a few details of how the attack managed to penetrate their defences. Unfortunately, it does leave some big details out.
So, here are the bare bones of the attack, summarised from Rivner's post:

1. Attackers got their hands on specific employees' publicly available information. Unsurprisingly, social media sites are useful for both good guys and bad guys. By giving away employees' full names, job titles and company contact details, we inadvertently provide hackers and phishers with some of the necessary information to make a scam look legitimate. For example, if we know someone works in HR, then tailoring a bogus email for that department makes the attack more likely to succeed.

for more details visit
