Monday, March 28, 2011
Along with RSA being targeted in a Cyber Attack, PHP.net, Comodo, MySQL.com, and Sun.com have all been compromised in the last two weeks. MySQL.com was compromised by a blind SQL injection. To learn more, read these articles at MySQL.com or InfoWorld.com.
According to RKON Senior Security Architect Chris Serafin, “these attacks against high-profile targets are indicative of how the threat environment continues to change and evolve.” Contact RKON today to learn how our security services and vulnerability testing can help protect your organization from these threats.
Friday, March 18, 2011
RSA reported that their security systems identified an extremely sophisticated cyber attack being mounted against them. They are taking a variety of aggressive measures against the threat to protect their business and their customers. At this time, they have no evidence showing that customer security related to RSA products has been impacted.
According to RKON Network Security Consultant Michael Atkinson, “In order to successfully defeat SecurID without physical possession of a token, an attacker would need to have RSA’s algorithm, the random “seed” used by a specific token, the username associated with that token, the user’s PIN, and the correct time. To the best of my knowledge, RSA has not stated what information was compromised, but in the worst case scenario where the attackers had the algorithm and the seeds for each of your tokens, they still would not have the correct username and PIN associated with each token. That information is not in RSA’s possession and could not have been compromised by the reported attack.”
RKON will stay on top of this issue and inform you of any news. For more information visit the RSA website or contact RKON.