RSA Offers to Replace SecurIDs
6/7/2011 7:10 AM
RSA Security is offering to provide security monitoring and replace its well-known SecurID tokens—devices used by millions of corporate workers to securely log on to their computers—"for virtually every customer we have," the company's Chairman Art Coviello said in an interview.
In a letter to customers Monday, the EMC Corp. unit openly acknowledged for the first time that intruders had breached its security systems at defense contractor Lockheed Martin Corp. using data stolen from RSA.
SecurID tokens have become a fixture of office life at thousands of corporations, used when employees log onto computers or sensitive software systems. The token is an essential piece of security, acting as an ever-changing password that flashes a series of six digits that should be virtually impossible to duplicate.
These SecurIDs appear to be fairly broadly used in healthcare and just go to show that the key chain is critical to protect and that security also is all about the ability to detect and report on errors – especially human caused.
[Update:] Bloomberg has some good detail on exactly how those RSA security keys were ripped off - by sending an Excel document with an interesting name, but a Adobe Flash based virus inside. A great quote from the article:
“Rule No. 1 is, don’t open suspicious links. Rule No. 2 is, see Rule No. 1. Rule No. 3 is, see Rules 1 and 2.” - Mike Rasch, Computer Science Corporation