Navigacija
Lista poslednjih: 16, 32, 64, 128 poruka.

RSA SecureID kompromitovan

[es] :: Security :: Kriptografija i enkripcija :: RSA SecureID kompromitovan

[ Pregleda: 3946 | Odgovora: 19 ] > FB > Twit

Postavi temu Odgovori

Autor

Pretraga teme: Traži
Markiranje Štampanje RSS

ventura

Član broj: 32
Poruke: 7781
*.dynamic.sbb.rs.



+6455 Profil

icon RSA SecureID kompromitovan17.03.2011. u 22:44 - pre 138 meseci
Open Letter to RSA Customers

Like any large company, EMC experiences and successfully repels multiple cyber attacks on its IT infrastructure every day. Recently, our security systems identified an extremely sophisticated cyber attack in progress being mounted against RSA. We took a variety of aggressive measures against the threat to protect our business and our customers, including further hardening of our IT infrastructure. We also immediately began an extensive investigation of the attack and are working closely with the appropriate authorities.

Our investigation has led us to believe that the attack is in the category of an Advanced Persistent Threat (APT). Our investigation also revealed that the attack resulted in certain information being extracted from RSA's systems. Some of that information is specifically related to RSA's SecurID two-factor authentication products. While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers, this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack. We are very actively communicating this situation to RSA customers and providing immediate steps for them to take to strengthen their SecurID implementations.

We have no evidence that customer security related to other RSA products has been similarly impacted. We are also confident that no other EMC products were impacted by this attack. It is important to note that we do not believe that either customer or employee personally identifiable information was compromised as a result of this incident.

Our first priority is to ensure the security of our customers and their trust. We are committed to applying all necessary resources to give our SecurID customers the tools, processes and support they require to strengthen the security of their IT systems in the face of this incident. Our full support will include a range of RSA and EMC internal resources as well as close engagement with our partner ecosystems and our customers' relevant partners.

We regret any inconvenience or concern that this attack on RSA may cause for customers, and we strongly urge you to follow the steps we've outlined in our SecurCare Online Note. APT threats are becoming a significant challenge for all large corporations, and it's a topic I have discussed publicly many times. As appropriate, we will share our experiences from these attacks with our customers, partners and the rest of the security vendor ecosystem and work in concert with these organizations to develop means to better protect all of us from these growing and ever more sophisticated forms of cyber security threat.

Sincerely,

Art Coviello
Executive Chairman, RSA

Izvor: http://www.rsa.com/node.aspx?id=3872

------------------
U prevodu, izgleda je skroz provaljen čim CEO javno objavljuje "the attack resulted in certain information being extracted from RSA's systems", a ono APT (Advanced Persistent Threat) znači da je u pitanju ne-NSA, odnosno neko drugi osim amera, i to je ustvari frka.
 
Odgovor na temu

ventura

Član broj: 32
Poruke: 7781
*.dynamic.sbb.rs.



+6455 Profil

icon Re: RSA SecureID kompromitovan17.03.2011. u 22:56 - pre 138 meseci
Evo i detaljnijih informacija:

SCOL Note Title: Required Actions for SecurID Installations

Dear RSA SecurCare ® Online Customer,

Summary:

We have determined that a recent attack on RSA’s systems has resulted in certain information being extracted from RSA’s systems that relates to RSA’s SecurID two-factor authentication products. While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers, this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack. RSA urges immediate action.

Description:

Recently EMC’s security systems identified an extremely sophisticated cyber attack in progress, targeting our RSA business unit. We took a variety of aggressive measures against the threat to protect our business and our customers, including further hardening of our IT infrastructure. We also immediately began an extensive investigation of the attack and are working closely with the appropriate authorities.
Our investigation has revealed that the attack resulted in certain information being extracted from RSA’s systems. Some of that information is related to RSA’s SecurID two-factor authentication products. While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers, this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack.
We strongly urge immediate customer attention to this advisory, and we are providing immediate remediation steps for customers to take to strengthen their RSA SecurID implementations.

Affected Products:

The affected products are RSA SecurID implementations.

Overall Recommendations:

RSA strongly urges customers to follow both these overall recommendations and the recommendations available in the best practices guides linked to this note.

We recommend customers increase their focus on security for social media applications and the use of those applications and websites by anyone with access to their critical networks.
• We recommend customers enforce strong password and pin policies.
• We recommend customers follow the rule of least privilege when assigning roles and responsibilities to security administrators.
• We recommend customers re-educate employees on the importance of avoiding suspicious emails, and remind them not to provide user names or other credentials to anyone without verifying that person’s identity and authority. Employees should not comply with email or phone-based requests for credentials and should report any such attempts.
• We recommend customers pay special attention to security around their active directories, making full use of their SIEM products and also implementing two-factor authentication to control access to active directories.
• We recommend customers watch closely for changes in user privilege levels and access rights using security monitoring technologies such as SIEM, and consider adding more levels of manual approval for those changes.
• We recommend customers harden, closely monitor, and limit remote and physical access to infrastructure that is hosting critical security software.
• We recommend customers examine their help desk practices for information leakage that could help an attacker perform a social engineering attack.
• We recommend customers update their security products and the operating systems hosting them with the latest patches.

For RSA product-specific recommendations, please follow the links below to the Security Best Practices Guides for each product. If you are unable to access the files via RSA SecurCare, please contact support at:

U.S.: 1-800-782-4362, Option #5 for RSA, Option #1 for SecurCare note

Canada: 1-800-543-4782, Option #5 for RSA, Option #1 for SecurCare note

International: +1-508-497-7901, Option #5 for RSA, Option #1 for SecurCare note
 
Odgovor na temu

Ivan Dimkovic

Administrator
Član broj: 13
Poruke: 16279
*.dip.t-dialin.net.



+7106 Profil

icon Re: RSA SecureID kompromitovan17.03.2011. u 23:22 - pre 138 meseci
Koliko ja kapiram ovo, izgleda da je provaljen taj njihov SecurID - a ne sam RSA algoritam.

Konfuzija je verovatno zbog samog imena firme (RSA)
DigiCortex (ex. SpikeFun) - Cortical Neural Network Simulator:
http://www.digicortex.net/node/1 Videos: http://www.digicortex.net/node/17 Gallery: http://www.digicortex.net/node/25
PowerMonkey - Redyce CPU Power Waste and gain performance! - https://github.com/psyq321/PowerMonkey
 
Odgovor na temu

mmix
Miljan Mitrović
Profesorkin muz
Passau, Deutschland

SuperModerator
Član broj: 17944
Poruke: 6033



+4628 Profil

icon Re: RSA SecureID kompromitovan18.03.2011. u 08:16 - pre 138 meseci
Ne razumem sta bi to moglo da bude? Sem ako nije spisak seed kljuceva za SecureID tokene.


Sloba je za 12 godina promenio antropološki kod srpskog naroda. On je od jednog naroda koji je bio veseo, pomalo površan, od jednog naroda koji je bio znatiželjan, koji je voleo da vidi, da putuje, da upozna,
od naroda koji je bio kosmopolitski napravio narod koji je namršten, mrzovoljan, sumnjicav, zaplašen, narod koji se stalno nešto žali, kome je stalno neko kriv… - Z.Đinđić
 
Odgovor na temu

maksvel

Član broj: 107376
Poruke: 2417

Jabber: maksvel
Sajt: maksvel.in.rs


+161 Profil

icon Re: RSA SecureID kompromitovan18.03.2011. u 08:41 - pre 138 meseci
Dezinformativno je da ova tema stoji na naslovnoj ES-a, ako RSA algoritam nije provaljen, već sistem firme RSA.

 
Odgovor na temu

EArthquake

Član broj: 20684
Poruke: 884
*.dynamic.sbb.rs.



+67 Profil

icon Re: RSA SecureID kompromitovan18.03.2011. u 08:50 - pre 138 meseci
svaka cast za FUD naslov :)
 
Odgovor na temu

mmix
Miljan Mitrović
Profesorkin muz
Passau, Deutschland

SuperModerator
Član broj: 17944
Poruke: 6033



+4628 Profil

icon Re: RSA SecureID kompromitovan18.03.2011. u 09:04 - pre 138 meseci
FUD be gone
Sloba je za 12 godina promenio antropološki kod srpskog naroda. On je od jednog naroda koji je bio veseo, pomalo površan, od jednog naroda koji je bio znatiželjan, koji je voleo da vidi, da putuje, da upozna,
od naroda koji je bio kosmopolitski napravio narod koji je namršten, mrzovoljan, sumnjicav, zaplašen, narod koji se stalno nešto žali, kome je stalno neko kriv… - Z.Đinđić
 
Odgovor na temu

EArthquake

Član broj: 20684
Poruke: 884
*.dynamic.sbb.rs.



+67 Profil

icon Re: RSA SecureID kompromitovan18.03.2011. u 09:33 - pre 138 meseci
e sad ... :)


anywayz, ovo Advancer Persistent Threat treba u stvari da se razume kao "ownao nas ko zna ko , ali nas je sramota da priznamo da je u stvario bio SQL injection..."
 
Odgovor na temu

ventura

Član broj: 32
Poruke: 7781
*.dynamic.isp.telekom.rs.



+6455 Profil

icon Re: RSA SecureID kompromitovan18.03.2011. u 09:38 - pre 138 meseci
Da je nešto banalno poput toga, ne bi CEO pisao open letter i sigurno ne bi fillovali 8-K...
 
Odgovor na temu

EArthquake

Član broj: 20684
Poruke: 884
*.dynamic.sbb.rs.



+67 Profil

icon Re: RSA SecureID kompromitovan18.03.2011. u 09:47 - pre 138 meseci
zasto nebi?

nije sramota priznati da te je napala neka opasna organizacija izuzetno sofisticiranim napadima ,
priznati da su upali pomocu SQL injectiona jeste sramota

u svakom slucaju , rezultat je isti, neko je pokupio podatke po koje je dosao

naravno , nemam pojma kako se napad odigravao samo sam malo okrenuo na salu posto u zadnje vreme sve nazivaju APTom , zaplasili ih /b/ i anonymous ...
 
Odgovor na temu

mmix
Miljan Mitrović
Profesorkin muz
Passau, Deutschland

SuperModerator
Član broj: 17944
Poruke: 6033



+4628 Profil

icon Re: RSA SecureID kompromitovan18.03.2011. u 10:02 - pre 138 meseci
Ako ne fajluje 8-K moze da zaglavi robiju, ovo je njihov biznis i non-disclosure investitorima predstavlja krsenje fiduciary obaveza.
Sloba je za 12 godina promenio antropološki kod srpskog naroda. On je od jednog naroda koji je bio veseo, pomalo površan, od jednog naroda koji je bio znatiželjan, koji je voleo da vidi, da putuje, da upozna,
od naroda koji je bio kosmopolitski napravio narod koji je namršten, mrzovoljan, sumnjicav, zaplašen, narod koji se stalno nešto žali, kome je stalno neko kriv… - Z.Đinđić
 
Odgovor na temu

n0m4d
Republika Dorćol

Član broj: 279158
Poruke: 7
*.dynamic.sbb.rs.



+1 Profil

icon Re: RSA SecureID kompromitovan18.03.2011. u 21:26 - pre 138 meseci
Nije fud i nije banalno. Jos uvek nije saopsteno koja je informacija je procurela a korisnici su kontaktirani kako bi se ojacala SecurID implementacija.

http://www.nytimes.com/2011/03...secure.html?_r=1&src=busln
http://news.cnet.com/8301-27080_3-20044455-245.html

A kako SANS kaze:

--RSA Deeply Penetrated; Says SecurID Information Stolen
(March 17 & 18, 2011)
An "extremely sophisticated cyber attack against RSA" may have
compromised the security of RSA SecurID two-factor authentication
products. In an attack preliminarily identified as an Advanced
Persistent Threat, digital information relating to SecurID tokens was
stolen from RSA systems. The company is contacting customers to let them
know of the breach and to offer suggestions for "strengthen[ing] their
SecurID implementations." Forty million SecurID tokens have been
deployed; they are often used to conduct financial transactions and at
government agencies.
 
Odgovor na temu

mmix
Miljan Mitrović
Profesorkin muz
Passau, Deutschland

SuperModerator
Član broj: 17944
Poruke: 6033



+4628 Profil

icon Re: RSA SecureID kompromitovan18.03.2011. u 21:32 - pre 138 meseci
Naslov je promenjen u medjuvremenu
Sloba je za 12 godina promenio antropološki kod srpskog naroda. On je od jednog naroda koji je bio veseo, pomalo površan, od jednog naroda koji je bio znatiželjan, koji je voleo da vidi, da putuje, da upozna,
od naroda koji je bio kosmopolitski napravio narod koji je namršten, mrzovoljan, sumnjicav, zaplašen, narod koji se stalno nešto žali, kome je stalno neko kriv… - Z.Đinđić
 
Odgovor na temu

EArthquake

Član broj: 20684
Poruke: 884
*.dynamic.sbb.rs.



+67 Profil

icon Re: RSA SecureID kompromitovan19.03.2011. u 02:31 - pre 138 meseci
hihihihi "deeply penetrated"


nego , idemo nove zavere, php.net ownan , source backdoorovan ...
 
Odgovor na temu

combuster
Ivan Bulatovic
Kraljevo

Član broj: 151351
Poruke: 4563
*.dynamic.isp.telekom.rs.

Sajt: www.linuxsrbija.org


+104 Profil

icon Re: RSA SecureID kompromitovan19.03.2011. u 12:13 - pre 138 meseci
Kazu da su im haknuli wiki i da source nije ni pipnut :)
make love - !war
 
Odgovor na temu

EArthquake

Član broj: 20684
Poruke: 884
*.dynamic.sbb.rs.



+67 Profil

icon Re: RSA SecureID kompromitovan19.03.2011. u 19:31 - pre 138 meseci
rekoh zavere ... :D
 
Odgovor na temu

Impaler

Član broj: 89808
Poruke: 85



+21 Profil

icon Re: RSA SecureID kompromitovan24.03.2011. u 14:18 - pre 138 meseci
evo jpoš malo zavere :
http://www.f-secure.com/weblog/archives/00002128.html

Citat:
SSL certificates are used by websites to confirm their identity to end users.

comodogateCertificate vendor Comodo has announced today that nine rogue certificates were issued through them. These certificates were issued for:

* mail.google.com (GMail)
* login.live.com (Hotmail et al)
* www.google.com
* login.yahoo.com (three certificates)
* login.skype.com
* addons.mozilla.org (Firefox extensions)
* "Global Trustee"



According to Comodo, the registrations seemed to be coming from Tehran, Iran and they believe that because of the focus and speed of the attack, it was "state-driven".




[Ovu poruku je menjao Impaler dana 24.03.2011. u 15:39 GMT+1]
NO FATE
 
Odgovor na temu

mmix
Miljan Mitrović
Profesorkin muz
Passau, Deutschland

SuperModerator
Član broj: 17944
Poruke: 6033



+4628 Profil

icon Re: RSA SecureID kompromitovan24.03.2011. u 20:23 - pre 138 meseci
MS je vec reagovao, urgent update je izasao
http://www.microsoft.com/technet/security/advisory/2524375.mspx

vec ga imam u update listi. predlazem svima da ga instaliraju.
Sloba je za 12 godina promenio antropološki kod srpskog naroda. On je od jednog naroda koji je bio veseo, pomalo površan, od jednog naroda koji je bio znatiželjan, koji je voleo da vidi, da putuje, da upozna,
od naroda koji je bio kosmopolitski napravio narod koji je namršten, mrzovoljan, sumnjicav, zaplašen, narod koji se stalno nešto žali, kome je stalno neko kriv… - Z.Đinđić
 
Odgovor na temu

EArthquake

Član broj: 20684
Poruke: 884
*.dynamic.sbb.rs.



+67 Profil

icon Re: RSA SecureID kompromitovan01.04.2011. u 23:05 - pre 138 meseci
haha APT ...

ownowali ih mail phishingom , flash 0day (koji vise nije 0day doduse) isti onaj o kom smo pricali na advocacy...

http://blogs.gartner.com/aviva...they-should-have-known-better/

nadam se da ovo nije april fools ...
...
 
Odgovor na temu

combuster
Ivan Bulatovic
Kraljevo

Član broj: 151351
Poruke: 4563
*.dynamic.isp.telekom.rs.

Sajt: www.linuxsrbija.org


+104 Profil

icon Re: RSA SecureID kompromitovan03.04.2011. u 16:59 - pre 138 meseci
http://itnews.com/security/306...ed-flash-zero-day-bug?page=0,0

Ma da :)

STA CE FLASH INSTALIRAN NA RACUNARIMA KOMPANIJE KAO STO JE RSA ??? I ako je vec preko potreban zasto masine nisu izolovane van mreze i racunara koji sadrze poverljive dokumente ? Da, da, lesson learned...
make love - !war
 
Odgovor na temu

[es] :: Security :: Kriptografija i enkripcija :: RSA SecureID kompromitovan

[ Pregleda: 3946 | Odgovora: 19 ] > FB > Twit

Postavi temu Odgovori

Navigacija
Lista poslednjih: 16, 32, 64, 128 poruka.