[ ventura @ 17.03.2011. 22:44 ] @
||Open Letter to RSA Customers|
Like any large company, EMC experiences and successfully repels multiple cyber attacks on its IT infrastructure every day. Recently, our security systems identified an extremely sophisticated cyber attack in progress being mounted against RSA. We took a variety of aggressive measures against the threat to protect our business and our customers, including further hardening of our IT infrastructure. We also immediately began an extensive investigation of the attack and are working closely with the appropriate authorities.
Our investigation has led us to believe that the attack is in the category of an Advanced Persistent Threat (APT). Our investigation also revealed that the attack resulted in certain information being extracted from RSA's systems. Some of that information is specifically related to RSA's SecurID two-factor authentication products. While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers, this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack. We are very actively communicating this situation to RSA customers and providing immediate steps for them to take to strengthen their SecurID implementations.
We have no evidence that customer security related to other RSA products has been similarly impacted. We are also confident that no other EMC products were impacted by this attack. It is important to note that we do not believe that either customer or employee personally identifiable information was compromised as a result of this incident.
Our first priority is to ensure the security of our customers and their trust. We are committed to applying all necessary resources to give our SecurID customers the tools, processes and support they require to strengthen the security of their IT systems in the face of this incident. Our full support will include a range of RSA and EMC internal resources as well as close engagement with our partner ecosystems and our customers' relevant partners.
We regret any inconvenience or concern that this attack on RSA may cause for customers, and we strongly urge you to follow the steps we've outlined in our SecurCare Online Note. APT threats are becoming a significant challenge for all large corporations, and it's a topic I have discussed publicly many times. As appropriate, we will share our experiences from these attacks with our customers, partners and the rest of the security vendor ecosystem and work in concert with these organizations to develop means to better protect all of us from these growing and ever more sophisticated forms of cyber security threat.
Executive Chairman, RSA
U prevodu, izgleda je skroz provaljen čim CEO javno objavljuje "the attack resulted in certain information being extracted from RSA's systems", a ono APT (Advanced Persistent Threat) znači da je u pitanju ne-NSA, odnosno neko drugi osim amera, i to je ustvari frka.
[ ventura @ 17.03.2011. 22:56 ] @
Evo i detaljnijih informacija:
SCOL Note Title: Required Actions for SecurID Installations
Dear RSA SecurCare ® Online Customer,
We have determined that a recent attack on RSA’s systems has resulted in certain information being extracted from RSA’s systems that relates to RSA’s SecurID two-factor authentication products. While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers, this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack. RSA urges immediate action.
Recently EMC’s security systems identified an extremely sophisticated cyber attack in progress, targeting our RSA business unit. We took a variety of aggressive measures against the threat to protect our business and our customers, including further hardening of our IT infrastructure. We also immediately began an extensive investigation of the attack and are working closely with the appropriate authorities.
Our investigation has revealed that the attack resulted in certain information being extracted from RSA’s systems. Some of that information is related to RSA’s SecurID two-factor authentication products. While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers, this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack.
We strongly urge immediate customer attention to this advisory, and we are providing immediate remediation steps for customers to take to strengthen their RSA SecurID implementations.
The affected products are RSA SecurID implementations.
RSA strongly urges customers to follow both these overall recommendations and the recommendations available in the best practices guides linked to this note.
• We recommend customers increase their focus on security for social media applications and the use of those applications and websites by anyone with access to their critical networks.
• We recommend customers enforce strong password and pin policies.
• We recommend customers follow the rule of least privilege when assigning roles and responsibilities to security administrators.
• We recommend customers re-educate employees on the importance of avoiding suspicious emails, and remind them not to provide user names or other credentials to anyone without verifying that person’s identity and authority. Employees should not comply with email or phone-based requests for credentials and should report any such attempts.
• We recommend customers pay special attention to security around their active directories, making full use of their SIEM products and also implementing two-factor authentication to control access to active directories.
• We recommend customers watch closely for changes in user privilege levels and access rights using security monitoring technologies such as SIEM, and consider adding more levels of manual approval for those changes.
• We recommend customers harden, closely monitor, and limit remote and physical access to infrastructure that is hosting critical security software.
• We recommend customers examine their help desk practices for information leakage that could help an attacker perform a social engineering attack.
• We recommend customers update their security products and the operating systems hosting them with the latest patches.
For RSA product-specific recommendations, please follow the links below to the Security Best Practices Guides for each product. If you are unable to access the files via RSA SecurCare, please contact support at:
U.S.: 1-800-782-4362, Option #5 for RSA, Option #1 for SecurCare note
Canada: 1-800-543-4782, Option #5 for RSA, Option #1 for SecurCare note
International: +1-508-497-7901, Option #5 for RSA, Option #1 for SecurCare note
[ Ivan Dimkovic @ 17.03.2011. 23:22 ] @
Koliko ja kapiram ovo, izgleda da je provaljen taj njihov SecurID - a ne sam RSA algoritam.
Konfuzija je verovatno zbog samog imena firme (RSA)
[ mmix @ 18.03.2011. 08:16 ] @
Ne razumem sta bi to moglo da bude? Sem ako nije spisak seed kljuceva za SecureID tokene.
[ maksvel @ 18.03.2011. 08:41 ] @
Dezinformativno je da ova tema stoji na naslovnoj ES-a, ako RSA algoritam nije provaljen, već sistem firme RSA.
[ EArthquake @ 18.03.2011. 08:50 ] @
svaka cast za FUD naslov :)
[ mmix @ 18.03.2011. 09:04 ] @
FUD be gone
[ EArthquake @ 18.03.2011. 09:33 ] @
e sad ... :)
anywayz, ovo Advancer Persistent Threat treba u stvari da se razume kao "ownao nas ko zna ko , ali nas je sramota da priznamo da je u stvario bio SQL injection..."
[ ventura @ 18.03.2011. 09:38 ] @
Da je nešto banalno poput toga, ne bi CEO pisao open letter i sigurno ne bi fillovali 8-K...
[ EArthquake @ 18.03.2011. 09:47 ] @
nije sramota priznati da te je napala neka opasna organizacija izuzetno sofisticiranim napadima ,
priznati da su upali pomocu SQL injectiona jeste sramota
u svakom slucaju , rezultat je isti, neko je pokupio podatke po koje je dosao
naravno , nemam pojma kako se napad odigravao samo sam malo okrenuo na salu posto u zadnje vreme sve nazivaju APTom , zaplasili ih /b/ i anonymous ...
[ mmix @ 18.03.2011. 10:02 ] @
Ako ne fajluje 8-K moze da zaglavi robiju, ovo je njihov biznis i non-disclosure investitorima predstavlja krsenje fiduciary obaveza.
[ n0m4d @ 18.03.2011. 21:26 ] @
Nije fud i nije banalno. Jos uvek nije saopsteno koja je informacija je procurela a korisnici su kontaktirani kako bi se ojacala SecurID implementacija.
A kako SANS kaze:
--RSA Deeply Penetrated; Says SecurID Information Stolen
(March 17 & 18, 2011)
An "extremely sophisticated cyber attack against RSA" may have
compromised the security of RSA SecurID two-factor authentication
products. In an attack preliminarily identified as an Advanced
Persistent Threat, digital information relating to SecurID tokens was
stolen from RSA systems. The company is contacting customers to let them
know of the breach and to offer suggestions for "strengthen[ing] their
SecurID implementations." Forty million SecurID tokens have been
deployed; they are often used to conduct financial transactions and at
[ mmix @ 18.03.2011. 21:32 ] @
Naslov je promenjen u medjuvremenu
[ EArthquake @ 19.03.2011. 02:31 ] @
hihihihi "deeply penetrated"
nego , idemo nove zavere, php.net ownan , source backdoorovan ...
[ combuster @ 19.03.2011. 12:13 ] @
Kazu da su im haknuli wiki i da source nije ni pipnut :)
[ EArthquake @ 19.03.2011. 19:31 ] @
rekoh zavere ... :D
[ Impaler @ 24.03.2011. 14:18 ] @
evo jpoš malo zavere :
[Ovu poruku je menjao Impaler dana 24.03.2011. u 15:39 GMT+1]
SSL certificates are used by websites to confirm their identity to end users.
comodogateCertificate vendor Comodo has announced today that nine rogue certificates were issued through them. These certificates were issued for:
* mail.google.com (GMail)
* login.live.com (Hotmail et al)
* login.yahoo.com (three certificates)
* addons.mozilla.org (Firefox extensions)
* "Global Trustee"
According to Comodo, the registrations seemed to be coming from Tehran, Iran and they believe that because of the focus and speed of the attack, it was "state-driven".
[ mmix @ 24.03.2011. 20:23 ] @
MS je vec reagovao, urgent update je izasao
vec ga imam u update listi. predlazem svima da ga instaliraju.
[ EArthquake @ 01.04.2011. 23:05 ] @
haha APT ...
ownowali ih mail phishingom , flash 0day (koji vise nije 0day doduse) isti onaj o kom smo pricali na advocacy...
nadam se da ovo nije april fools ...
[ combuster @ 03.04.2011. 16:59 ] @
Ma da :)
STA CE FLASH INSTALIRAN NA RACUNARIMA KOMPANIJE KAO STO JE RSA ??? I ako je vec preko potreban zasto masine nisu izolovane van mreze i racunara koji sadrze poverljive dokumente ? Da, da, lesson learned...
Copyright (C) 2001-2022 by www.elitesecurity.org. All rights reserved.