• The Four Hundred
  • Security of SecurID In Question Following Hack of RSA

    March 30, 2011 Alex Woodie

    Following the disclosure by RSA Security over the weekend that its computers had been hacked and information relating to its two-factor authentication software, called SecurID, had been compromised, customers that rely on RSA’s software are wondering what steps they should take next.

    In an open letter to RSA customers, RSA’s executive chairman Art Coviello Jr. explained that RSA recently discovered that it was the victim of an “extremely sophisticated cyber attack,” dubbed an Advanced Persistent Threat (APT) attack. The company’s security pros caught the attack as it was in progress, and immediately took steps to harden the RSA systems so it couldn’t happen again, he says.

    During a subsequent investigation, RSA discovered that the attack “resulted in certain information being extracted from RSA’s systems,” including information about SecurID, one of the EMC subsidiary’s most popular products.

    “While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers, this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack,” Coviello says.

    While Coviello says there is no evidence that any SecurID customers have been compromised as a result of the attack, it is clear from RSA’s statement that it believes the hack and subsequent transfer of sensitive data to cyber criminals could conceivably play some type of supporting role in a compromise of a customer’s system.

    When installed, SecurID uses two things–a cryptographic key that lives on some type of token, and a password that lives in somebody’s head–to grant or deny a requesting user access to a system. Even if RSA’s complete database was hacked, and cyber criminals are distributing copies of customers’ crypto keys as we speak–the worst case scenario–that doesn’t automatically mean that SecurID customers will soon become the subject of a “successful direct attack,” as EMC puts it.

    RSA isn’t sharing a lot of specific information about the attack or what it means for SecurID customers. In a post to its SecurCare online support system, the company states: “We strongly urge immediate customer attention to this advisory, and we are providing immediate remediation steps for customers to take to strengthen their RSA SecurID implementations.”

    Several IBM i security software companies are partners with RSA, and make products that allow IBM i servers to utilize RSA’s crypto keys, including Safestone, Townsend Security, and others.

    This article has been corrected. Powertech’s IBM i security software does not integrate with RSA’s SecurID product. It previously sold a product that integrated with a different RSA encryption product. IT Jungle regrets the error.


Volume 11, Number 11 -- March 22, 2011
Copyright © 2025 IT Jungle