Pages

Thursday, March 17, 2011

RSA hacked through advanced persistent threats

An article by TechTarget claims that RSA has been hacked through an APT (advanced persistent attack). An advanced persistent attack is a custom developed Trojan, which is not detected by any of the anti-viruses. Usually once the Trojan has been planted, it stays in the system dormant for a long time, trying to remain undetected, and strikes at an opportune moment.
What's worrying is that an article claims that this attack could potentially be used to reduce effectiveness of SecurID two-factor authentication.

I highly doubt that this is the case, because a SecurID is effectively a series of cryptographically secure pseudorandom numbers F_SK(x) generated from a seed SK, for varying inputs x typically derived from the clock. The details of SecurID algorithm are confidential, but I would guess the seeds SK are unique per each user and are stored on RSA SecurID servers, hosted by individual companies. Because the servers are hosted outside of RSA network, it's unlikely that seeds can be stolen. I would also hope that RSA algorithm is sound, so even if it's known, it should have no impact.




Reactions:

5 comments:

Website content writing or help with dissertation is not everybody's it is very convenient to click copy and paste than to form between hands and brains. it demands a lot of skills to develop a single piece of writing.

To going to be reluctant to name names a lot of the time because they do business in certain countries too. Coursework for sale – courseworkpoint.co.uk

This attack could potentially be used to reduce effectiveness of SecurID two-factor authentication. I have seen a article related to this post in case study report writing service.

Currently available antiviruses are not able to detect Trojen. This is one of the main drawbacks. I have written an article about advanced persistent attack and you can buy it by using the option buy dissertation online

Post a Comment