RSA SecurID Breach Has Partners Seeking AnswersBy Ericka Chickowski | Print
RSA channel partners are concerned about the lack of details from RSA following a security breach of its authentication SecurID product which is used by a range of organizations including banks and highly sensitive government entities.
RSA channel partners are seeking more information and counseling their clients on risk mitigation following the publication on March 17 of an open letter from Art Coviello, CEO of RSA, an EMC company, that outlined a breach that compromised its highly popular authentication token SecurID product. Used by a wide range of organizations such as banks and highly sensitive government entities, SecurID provides customers with a one-time authentication method that requires the user to use a hardware token authenticator to sign in rather than relying solely on insecure passwords.
As partners scrambled on last week to deal with the ramifications of the breach, the details from RSA as to how information was obtained and what exactly the attackers took remained scant.
"The lack of specific information scares the ---- out of me," says Bobby Kuzma, owner of managed security service provider Central Florida Technology Solutions. "Fundamentally the fact that we don't know what exactly was compromised really limits our ability to react appropriately on behalf of all of our clients, many of whom do have secure id implementations."
The informational abyss has led to rampant speculation among partners as they tried to figure out the implications for their customers.
"Based on our current understanding there is no reason to suspect
the core security features of the SecurID have been significantly
compromised," says Jeremy Allen, principal consultant at Intrepidus
Group. "However, if there has been a flaw discovered in the SecurID
token code generation process or some large scale material compromise
of token seeds has occurred the impact could be tremendous. Given RSA's
8K filing that they expect no financial impact there is not a reason to
suspect a significant compromise. Time will tell the real story behind
Token seeds are the algorithmic keys that enable SecurID tokens to
spit out an authentication code at certain intervals. Every token comes
from a different seed, which cannot be changed and essentially is the
lynchpin of the token's security. It is the scenario of a loss of the
token seeds that frightens Kuzma most.
"The fact that it did not specifically note what was compromised
says to me that it's either some or all of the seeds that they've
issued, or the mechanism by which they generate the seeds was
compromised," he says. "In that case, it may involve physically
replacing all of the outstanding key fobs with ones with new seeds,
which would be a Chinese fire drill of epic proportions. Because of the
secure design of these tokens, you can't reseed them; they can't be
reinitialized. RSA designed them to prevent that."