Primary links

RSA Insecure Tokens - Now What?

Yesterday RSA announced their SecurID system was breached.

Bonus points to RSA for using a phrase that's provided humor for 2 years (APT)1.

It's not clear what data was compromised or if RSA stores the initial seeds, but Intrepidus Group did a good writeup about what this may mean to end users. Sounds like there's no need to freak out just yet, but that doesn't mean we can't point and laugh. This is not yet necessary.

RSA can't secure their site, and you want to put their sw token on your phones? (Oh @#$ck I have their sw token on my phone...not anymore!)


1: You meant that as humor, right RSA? As an upstanding well respected (work with me) security company, you wouldn't possibly be attempting to shill your wonderful (I said work with me) products by using FUD that the infosec community's been giggling at for over a year now, would you?