RSA Admits SecurID Tokens Have Been Compromised

← Back to Stories (view on slashdot.org)

RSA Admits SecurID Tokens Have Been Compromised

Posted by CmdrTaco on Tuesday June 7, 2011 @12:48AM from the hey-i-have-one-of-those dept.

A few months ago, RSA Servers were hacked, and a few weeks ago Duped tokens were used to hack Lockheed-Martin. Well today Orome1 writes "RSA has finally admitted publicly that the March breach into its systems has resulted in the compromise of their SecurID two-factor authentication tokens. The admission comes in the wake of cyber intrusions into the networks of three US military contractors: Lockheed Martin, L-3 Communications and Northrop Grumman — one of them confirmed by the company, others hinted at by internal warnings and unusual domain name and password reset process."

162 of 219 comments (clear)

Min score:

Reason:

Sort:

Is this an act of war? by cultiv8 · 2011-06-07 00:50 · Score: 4, Interesting

Sit back peoples, get some popcorn, this should be interesting...

--
sysadmins and parents of newborns get the same amount of sleep.
1. Re:Is this an act of war? by Nickodeimus · 2011-06-07 00:53 · Score: 1
  
  its likely that the hack of northrop was the cause of the fed making that statement.
2. Re:Is this an act of war? by Anonymous Coward · 2011-06-07 01:26 · Score: 1
  
  Meh, they'll just claim it was some "renegade" "terrorist" organisation like Anonymous or Lulzsec. That way they can safe face by not acting on their big "act of war" speech while simultaneously passing new laws to grant themselves more powers.
3. Re:Is this an act of war? by somersault · 2011-06-07 01:43 · Score: 1
  
  But surely now that Osama and Saddam are dead, they need some other people to add to the ol' war list in case they run out? Right now there's always camel-face and Kim Jong Il, but they must need a few more to keep the military cash flowing?
  
  --
  which is totally what she said
4. Re:Is this an act of war? by chemicaldave · 2011-06-07 01:53 · Score: 1
  
  Expect a committee of jowled senators to make an official inquiry into how RSA's tubes were breached.
5. Re:Is this an act of war? by TheRaven64 · 2011-06-07 02:14 · Score: 3, Insightful
  
  Cold wars are better for business than fighting wars. In a cold war, you get lots of funding but don't actually have to deliver anything. Cyberwar is even better, because whatever you do deliver becomes obsolete about ten seconds after deployment (at the latest), so you can keep getting the funding. A cyberwar with China is perfect, because there's always the possibility that it will turn into a shooting war, so you need to keep spending money on jets, drones, aircraft carriers, and so on, but there's no real chance that it will, so you don't have to waste much money on things like soldiers (who inconveniently take money away from shareholders' pockets, where it belongs).
  
  --
  I am TheRaven on Soylent News
6. Re:Is this an act of war? by Mister+Whirly · 2011-06-07 02:43 · Score: 1
  
  Why would China start shooting at the country that owes them the most money? Really wouldn't be in either counties economic best interest. All China would really need to do is stop borrowing the US money.
  
  --
  "But this one goes to 11!"
7. Re:Is this an act of war? by _Sprocket_ · 2011-06-07 02:44 · Score: 1
  
  No more interesting than the old Cold War days. Espionage has always had the possibility of being called an act of war and "cyberwar" is no more than espionage in an environment with new tools and a low barrier to entry.
8. Re:Is this an act of war? by pixelpusher220 · 2011-06-07 02:48 · Score: 1
  
  Communism isn't known for it's intelligent decision process. Granted neither is democracy, but I'll trust the latter more given the at least marginal public accountability...
  
  --
  People in cars cause accidents....accidents in cars cause people :-D
9. Re:Is this an act of war? by demonbug · 2011-06-07 04:02 · Score: 1
  
  Cold wars are better for business than fighting wars. In a cold war, you get lots of funding but don't actually have to deliver anything. Cyberwar is even better, because whatever you do deliver becomes obsolete about ten seconds after deployment (at the latest), so you can keep getting the funding. A cyberwar with China is perfect, because there's always the possibility that it will turn into a shooting war, so you need to keep spending money on jets, drones, aircraft carriers, and so on, but there's no real chance that it will, so you don't have to waste much money on things like soldiers (who inconveniently take money away from shareholders' pockets, where it belongs).
  See the increasing moves towards unmanned combat vehicles. Expensive (but cheaper than manned vehicles), expendable, and you don't have to worry about losing your own people and therefore jeopardizing the war. They will revolutionize war by making it not only profitable, but sustainable!
10. Re:Is this an act of war? by ronocdh · 2011-06-07 07:00 · Score: 1
  
  I think you're being facetious, but it's worth pointing out that money spent on jets and other machines of war is wasted whether they're used or not. As plebian as it may seem to quote 1984 in a discussion like this, I think the point is worth the didacticism:
  
  The essential act of war is destruction, not necessarily of human lives, but of the products of human labor. War is a way of shattering to pieces, or pouring into the stratosphere, or sinking in the depths of the sea, materials which might otherwise be used to make the masses too comfortable, and hence, in the long run, too intelligent.
  Building machines of war, even if they are not used, is profoundly detrimental to the progression of culture in a harmonious and sustainable way. And, as Eisenhower tried to warn, they will be used if they are created, albeit against enemies most likely to be defeated (in this case, probably not China).
11. Re:Is this an act of war? by RadiantPhoenix · 2011-06-07 08:52 · Score: 1
  
  So, what, capitalism and totalitarianism are known for intelligent decision processes?
12. Re:Is this an act of war? by pixelpusher220 · 2011-06-07 09:11 · Score: 1
  
  Did you even read the 2nd sentence? ;-)
  
  My point was a system that lets you vote for decisions is inherently better than top down dictatorship type governance.
  
  --
  People in cars cause accidents....accidents in cars cause people :-D
13. Re:Is this an act of war? by HiThere · 2011-06-07 09:51 · Score: 1
  
  What does Communism have to do with China? China is a dictatorial oligarchy, and hasn't had anything to do with Communism for over a decade. (Even then the "Communist" thing was mainly propaganda. It may still have been "sort of" real in the 1980's, but even then it was fading into propaganda.)
  And no, dictatorship and Communist are not synonyms. Neither is even a subset of the other, proper or otherwise. And, of course Communist is neither communist nor Marxist....and is only confused with either of them for the sake of propaganda. (I don't know that Marxism would work on any scale, and communism only works on a very small scale...village size or less. Which is, of course, why Communism doesn't ever look or act much like either of them. But at it's proper scale, that of a medium to large family, it's a superior system. [Given, of course, the right participants. It only works even then if the participants are well meaning. Otherwise it must morph into a more controlling form.])
  
  --
  
  I think we've pushed this "anyone can grow up to be president" thing too far.
14. Re:Is this an act of war? by pixelpusher220 · 2011-06-07 11:40 · Score: 1
  
  Fair enough, I was using Communism rather broadly and more in the old Soviet style which is basically the same thing as China today (again a broad generalization).
  
  Top down forced decision systems are usually less responsive to their people than democracy type systems.
  
  --
  People in cars cause accidents....accidents in cars cause people :-D
Cyber intrusions by ArAgost · 2011-06-07 00:52 · Score: 4, Insightful

1992 called, they wanted the adjective “cyber” back.
1. Re:Cyber intrusions by Anonymous Coward · 2011-06-07 00:58 · Score: 1
  
  1984 called, they wanted to remind 1992 as to when the term "cyber" was popularized.
2. Re:Cyber intrusions by rylin · 2011-06-07 01:01 · Score: 1, Redundant
  
  OH MY GOD, DID YOU WARN THEM?!
  (hello, lameness filter! how have you been?)
3. Re:Cyber intrusions by Trepidity · 2011-06-07 01:04 · Score: 2
  
  Ted Nelson was even complaining about its overuse in the late 1960s. Seems not to have really stopped.
  
  --
  10 PRINT CHR$(205.5+RND(1)); : GOTO 10
4. Re:Cyber intrusions by TerranFury · 2011-06-07 01:08 · Score: 5, Interesting
  
  ...and 1947 turns the dial on its rotary phone to call both '92 and '84:
  From here:
  
  It is worth noting that the Greek word for governor is k u ße r n a n . In 1947, Norbert Wiener at MIT was searching for a name for his new discipline of automata theory- control and communication in man and machine. In investigating the flyball governor of Watt, he investigated also the etymology of the word k u ße r n a n and came across the Greek word for steersman, k u ße r n t V . Thus, he selected the name cybernetics for his fledgling field.
  In other words...
  (Cyber = steering/adjustment/feedback) + (net = networks/interconnection) + (ics = study of)
5. Re:Cyber intrusions by Hijacked+Public · 2011-06-07 01:19 · Score: 1
  
  Cyber hanky to you, for the trouble.
  
  --
  "Sacrifice for the good of The State" - The State
6. Re:Cyber intrusions by Anonymous Coward · 2011-06-07 01:36 · Score: 1
  
  (hello, lameness filter! how have you been?)
  In desperate need of an addition to filter out tired XKCD memes, how are you?
7. Re:Cyber intrusions by somersault · 2011-06-07 01:55 · Score: 1
  
  Cyber-group hug!
  
  --
  which is totally what she said
8. Re:Cyber intrusions by timeOday · 2011-06-07 02:31 · Score: 1
  
  Not gonna happen. The term "cyber security" is ubiquitous in defense and government circles. In fact "cyber" means "cyber security" now. If anything, I expect "cyber" will become more common among the broader field of computer security, the same way "hacker" won out over "cracker."
9. Re:Cyber intrusions by lgw · 2011-06-07 03:07 · Score: 1
  
  TerranFury has it right. Cyber=governer is the correct etemology. "Cyber" entered SciFi because it was thought that cybernetics (systems that govern themselves through feedback) would be the key to robotic prosthetics. Half-robot "cyborg" warriors were a fun addition to the genre. Of coruse, that later gave rise to "cyberpunk" novels, forever associating "cyber" with "internet" (even though Vernor Vinge predated all the cyberpunk guys with his ideas about an MMO-style internet in "True Names").
  
  --
  Socialism: a lie told by totalitarians and believed by fools.
10. Re:Cyber intrusions by Linker3000 · 2011-06-07 04:18 · Score: 1
  
  Yes, we have moved on to eIntrusions and iIntrusions - and how about Intrusions 2.0
  
  --
  AT&ROFLMAO
11. Re:Cyber intrusions by ghmh · 2011-06-07 19:07 · Score: 1
  
  You're at least 50 years later than you should be. Norbert Wiener says to say hi.
12. Re:Cyber intrusions by __aamnbm3774 · 2011-06-10 04:58 · Score: 1
  
  I disagree. Etymology is always past-looking, its a neat concept to tract the evolution of speech, but is inappropriately used for 'coining a phrase'. The first use of a word is what makes it unique and new. The word 'finger' is not 30,000 years old, as English was not around back then...even if there was a grunt or motion to indicate the concept. The concept of a 'system the governs the body' has been around since Galen, circa 160 AD.
  
  I like this date better.
13. Re:Cyber intrusions by lgw · 2011-06-13 06:01 · Score: 1
  
  I don't get your point - your link seems to confirm that "cyber-" comes from "cybernetics", with cyber- the prefix coming around about the time of the cyberpunk novels, and cybernetics from 1948.
  
  --
  Socialism: a lie told by totalitarians and believed by fools.
Dear Customers... by fuzzyfuzzyfungus · 2011-06-07 00:58 · Score: 5, Insightful

Golly Shucks. As it turns out, maintaining a copy of the seed keys for devices we sold specifically as a high-security access control solution on our under-secured network might have been a less than totally good idea... Well, lessons learned, eh?
1. Re:Dear Customers... by Anonymous Coward · 2011-06-07 01:18 · Score: 3, Insightful
  
  I think we're all assuming (for the most part) that the attack was over a network. If the keys were physically stolen from an offline box, then that's a different matter. If they had their high-security seed keys--as GP refers to them--accessible remotely in any manner, that was probably an avoidable mistake.
2. Re:Dear Customers... by fuzzyfuzzyfungus · 2011-06-07 01:19 · Score: 5, Insightful
  
  My main issue was with retaining the seed keys in any network accessible location.
  
  Those things should have been deleted upon transfer to the customer or(if so requested) stored on archival media in a vault somewhere unless needed by the customer for recovery purposes.
  
  My point isn't "Ha Ha, their network guys fucked up, I could have done better!" My point is "for something as interesting as the seeds you would find useful in compromising a laundry-list of high-profile, high-security targets, basically no configuration would be sufficiently secure, and storing them in an insufficiently secure manner is hugely irresponsible.
  
  After the the tokens were seeded, there was no further need for RSA to have them anywhere that they could be accessed electronically.
3. Re:Dear Customers... by amn108 · 2011-06-07 01:21 · Score: 1
  
  Do you know how their two-factor authentication works? How do you propose their system authenticates a client if it doesn't have a copy of the seed?
4. Re:Dear Customers... by wkk2 · 2011-06-07 01:23 · Score: 1
  
  I have two questions: Did someone required them to keep the initial values and why wasn't the system designed so that the customer was required to initialize the tokens?
5. Re:Dear Customers... by thijsh · 2011-06-07 01:24 · Score: 5, Insightful
  
  For master encryption keys anything other than offline physically secure storage is a risk that is too high... The extra hassle of having a guy physically go to the storage when new certificates need to be signed is what you pay the security premium for right? This is not about discount SSL certificates that need to be sent with an automated process, no need at all to hook the machines to the internet... under-secured or super-duper-unbreakable-secure(tm) does not matter, just don't.
6. Re:Dear Customers... by fuzzyfuzzyfungus · 2011-06-07 01:25 · Score: 3, Insightful
  
  RSA's customers certainly need to have a copy of their tokens' seed keys on their authentication server; but RSA doesn't need a copy of their customers' seed keys...
7. Re:Dear Customers... by yodleboy · 2011-06-07 01:25 · Score: 2
  
  i think his point was that they sell a "high security" product and then store the keys on an apparently "low security" network. probably a bad idea.
8. Re:Dear Customers... by hublan · 2011-06-07 01:26 · Score: 2
  
  Perhaps by keeping the machine that hosts the seed secured? Like using a protocol between the publicly facing machine and the seed machine that doesn't allow for remote shell access? Really basic stuff, actually.
  
  --
  My spoon is too big.
9. Re:Dear Customers... by thijsh · 2011-06-07 01:32 · Score: 1
  
  Public/private key pairs... not rocket science, but I must admit close...
10. Re:Dear Customers... by c0lo · 2011-06-07 01:35 · Score: 2
  
  RSA's customers certainly need to have a copy of their tokens' seed keys on their authentication server; but RSA doesn't need a copy of their customers' seed keys...
  Unfortunately, I imagine they do need the copy: otherwise how do they make sure they never issue duplicates to different customers?
  
  --
  Questions raise, answers kill. Raise questions to stay alive.
11. Re:Dear Customers... by GameboyRMH · 2011-06-07 01:43 · Score: 1
  
  If the storage or machine containing the seed keys wasn't airgapped and in a safe, it was under-secured.
  Because I know to do this and RSA doesn't, I 'd say I know how to properly secure a network better than RSA.
  
  --
  "When information is power, privacy is freedom" - Jah-Wren Ryel
12. Re:Dear Customers... by GameboyRMH · 2011-06-07 01:45 · Score: 1
  
  And that copy should stay on an airgapped machine or storage device sitting in a safe, or at the very least, in a secure area on a separate network disconnected from the outside world.
  
  --
  "When information is power, privacy is freedom" - Jah-Wren Ryel
13. Re:Dear Customers... by AJH16 · 2011-06-07 01:47 · Score: 2
  
  Perhaps they kept them around for initializing more fobs if necessary without having to transfer the root key again. Granted, it would probably be better to use a new root key and have a system support multiple, but then you have a key distribution problem where you need to distribute another key as well. It might not have been the most secure choice, but it seems it could have a lot of benefits for the sake of convenience if they thought they had it protected enough. Everything in security is about trade offs of usability versus security. You may not agree with where they drew the line and hind sight is always 20/20, but it still doesn't make it a wrong choice necessarily.
  I'm way more annoyed with the lack of good information about the nature of the data compromised than I am about the fact the breach was able to happen.
  
  --
  AJ Henderson
14. Re:Dear Customers... by fuzzyfuzzyfungus · 2011-06-07 01:48 · Score: 3, Informative
  
  If they need to check the list of seeds they've already used, their seed length is arguably way, way, way too short. With sufficient seed length, the risk isn't quite zero; but it is so vanishly close that it doesn't matter.
  
  Since the algorithm that the tokens use is public knowledge, anybody can, for a given seed, compute the token display value at time T. If the seed-space were so small that RSA needed to do duplicate checks, rather than just resting assured in the fact that they'd need to issue a fob to every proton in the universe before the risk of duplication rises above 1%, then there would be the theoretical danger that an attacker could just brute-force things by computing each seed chain, and then inferring the target fob's seed by sampling its output at one or more times and seeing which seed chain it matched...
15. Re:Dear Customers... by vlm · 2011-06-07 01:50 · Score: 3, Insightful
  
  RSA's customers certainly need to have a copy of their tokens' seed keys on their authentication server; but RSA doesn't need a copy of their customers' seed keys...
  Unfortunately, I imagine they do need the copy: otherwise how do they make sure they never issue duplicates to different customers?
  LOL that one was funny, and some PHB requirement like that is probably the cause of the whole problem. Like intro to crypto 101 problem funny. To the noobs out there, the solution involves storing the hash of the existing keys instead of the keys themselves. Supposedly, can't turn a hash back into a key, but if the hash of your new key matches a pre-existing hash, then its a dupe, make another and try again.
  That's only needed if it's required to prove there's no dupes... realistically, if you have a 1024 bit key and 16 bits worth of customers, the odds of a collision, which wouldn't matter anyway, are 1 in 2 ** (1008) or in other words quite unlikely.
  
  --
  "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
16. Re:Dear Customers... by swillden · 2011-06-07 01:50 · Score: 2
  
  For master encryption keys anything other than offline physically secure storage is a risk that is too high
  I would agree with you if secure hardware security modules (HSMs) didn't exist. Buy a FIPS 140-2 Level 4 certified device, get people who know what they're doing to configure it for you (including ensuring that the device will never, under any circumstances, export the master keys) and it is acceptable to have the device networked. You still need to have strong physical security around it, though that's more to prevent the DOS attack that results from having the device stolen than due to concern about someone extracting the keys from it, and of course it's always a good idea to secure the network it's on as well just out of due diligence and an abundance of caution, but in such a device your keys are extremely safe from both remote and physical extraction attacks.
  With a good HSM, what you really focus your security efforts around isn't physical or network security, it's access control policies. If an attacker can fire requests at the HSM and have them serviced, he doesn't need the keys or physical possession of the HSM, he can just ask the device to encrypt/decrypt/sign whatever he'd like.
  When managing keys used to derive other keys (which is probably what is meant by "master key" here, though I didn't RTFA), the most important goals are to ensure that no one, regardless of access, can re-derive and re-export an already-exported key and to carefully control the export and personalization path to ensure that a derived key cannot be duplicated or diverted during personalization. ("Personalization" here refers to the process of loading a derived key into the device that will use it.)
  This is all very doable. Obviously, RSA didn't do it, which is baffling.
  
  --
  Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
17. Re:Dear Customers... by afidel · 2011-06-07 01:52 · Score: 1
  
  For something that protects defense networks the only properly secured network is probably an airgapped one, but that would have been too inconvenient...
  
  --
  There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
18. Re:Dear Customers... by fuzzyfuzzyfungus · 2011-06-07 01:53 · Score: 5, Insightful
  
  I suspect that the first question falls into the "Very interesting, pity we'll never find out..." category.
  
  As for the second, I suspect that it is largely a matter of manufacturing convenience and/or fob tamper resistance. With RSA doing the keyfill at point of manufacture, the customer just needs to load the seed file for the entire batch onto their authentication server and then hand out the tokens, which are glued shut with considerable enthusiasm, and have no externally accessible electrical connections of any sort. If the customer did the fill, that would be extra effort (and a step where grunt manual labor would meet very sensitive data, not a pleasant HR situation...) for them, and would mean that RSA would have to validate their design against attacks on the exposed connectors. Neither is impossible to overcome; but under the(now invalid) assumption that RSA wouldn't fuck it up, certainly easier to avoid than to deal with.
19. Re:Dear Customers... by clodney · 2011-06-07 02:02 · Score: 5, Interesting
  
  Admittedly for a company in the security business they get a big fail on this one.
  But I suspect that properly securing them is more difficult than it would appear to the outside observer. At one job I had, we had a signing key of some sort, which was on a USB key in a sealed envelope in a safe. We only took that key out when it needed to be used, which was maybe once a year. Easy enough to observe all the necessary precautions, even if it felt like overkill.
  But remember that RSA presumably manufactures these tokens every single day. So the seed values have to be handled correctly all the time, and that makes the air gap restrictions tremendously onerous to comply with. The seed values need to be known to the authentication servers, and customers will likely demand that RSA could provide them the necessary data to reload authentication servers in the event of a major crash (yes, I know, backups, etc. - but the real world is not always like that).
  So I suspect that RSA themselves was hurt by the classic security vs usability tradeoff. They need ongoing access to the data that they need to keep secure, and the security restrictions impacted usability, to the point where the policies were weakened, either officially or just by being sloppy.
  Defenders have to be good all the time. Attackers only have to succeed once.
20. Re:Dear Customers... by Tim+C · 2011-06-07 02:05 · Score: 4, Insightful
  
  I like how everything is now "under-secured" as if you have any first hand knowledge of the nature of the attack at RSA or the security measures they had in place.
  Someone got in. Seems to me that that is a very good, practical definition of "under-secured".
  
  --
  It's official. Most of you are morons.
21. Re:Dear Customers... by PIBM · 2011-06-07 02:18 · Score: 4, Informative
  
  I remembered reading about this, and the failure mode were quite important to me. Let me quote wikipedia on this:
  Section 4.1.1 of the specification describes additional attacks that may require mitigation, such as differential power analysis. If a product contains countermeasures against these attacks, they must be documented and tested, but protections are not required to achieve a given level. Thus, a criticism of FIPS 140-2 is that the standard gives a false sense of security at Levels 2 and above because the standard implies that modules will be tamper-evident and/or tamper-resistant, yet modules are permitted to have side channel vulnerabilities that allow simple extraction of keys.
22. Re:Dear Customers... by wkk2 · 2011-06-07 02:22 · Score: 1
  
  Yes, I'm sure we will never find out if the data was given to various agencies. After carefully opening one, I agree that they are tamper evident. It wouldn't be a big step to have two pins (I2C?) for programming from a simple workstation that also loaded the customer's server. A fuse link or finalize command could prevent future changes. I would hope the programming could be idiot proof but they keep making better idiots.
23. Re:Dear Customers... by Dodgy+G33za · 2011-06-07 02:23 · Score: 1
  
  What gets me is how this got by the security reviews of the many companies that use the devices. Just about the first question I would have asked was who has access to the seed keys. If the answer was 'we keep them' they would have been sent packing.
  If RSA holding the seeds is fundamental to the design of the solution (the seed would probably need to be know at time of manufacture of the token) then the design of the solution is flawed. But at the very least they should have allowed for multiple keys on the server, have a key per batch of RSA keys, and then destroyed their copy of the key once they handed over to the customer. Keeping a master copy was just insane. And even if they kept a copy it should have been on a HSM on an isolated physically protected network or preferably on paper in a safe.
24. Re:Dear Customers... by marcosdumay · 2011-06-07 02:36 · Score: 1
  
  "While those who share their subscriptions with a spouse or other family members under the same roof almost certainly have nothing to fear"
  
  Well, I bet the GP knows something about cryptography... And by knowing that, he probably knows that if RSA used some proper security, it would be impossible to retrieve the keys by attacking the server (as TFA says that happened). Thus, RSA didn't use propoer security.
  Now, I have no idea why RSA didn't use propoer security, it may have even the client that demanded it. But just don't claim they had a secure infrastructure, because they didn't.
  
  --
  Rethinking email
25. Re:Dear Customers... by marcosdumay · 2011-06-07 02:37 · Score: 1
  
  Do you know how public key cryptography works?
  
  --
  Rethinking email
26. Re:Dear Customers... by guruevi · 2011-06-07 02:37 · Score: 1
  
  Never seen Mission Impossible eh.
  
  --
  Custom electronics and digital signage for your business: www.evcircuits.com
27. Re:Dear Customers... by WuphonsReach · 2011-06-07 02:46 · Score: 2
  
  Perhaps they kept them around for initializing more fobs if necessary without having to transfer the root key again.
  
  In simpler terms - convenience won out over security.
  
  --
  Wolde you bothe eate your cake, and have your cake?
28. Re:Dear Customers... by Mad+Merlin · 2011-06-07 02:56 · Score: 1
  
  That's only needed if it's required to prove there's no dupes... realistically, if you have a 1024 bit key and 16 bits worth of customers, the odds of a collision, which wouldn't matter anyway, are 1 in 2 ** (1008) or in other words quite unlikely.
  Stats 101: The odds of a collision between any two seeds is substantially higher than that: http://en.wikipedia.org/wiki/Birthday_paradox
  
  --
  Game! - Where the stick is mightier than the sword!
29. Re:Dear Customers... by Lord+Ender · 2011-06-07 03:02 · Score: 1
  
  Wrong. The secret value in SecurID tokens is not some private key in a PKI. It's just a random number. There is no reason RSA couldn't just write these random numbers to write-only media and delete all other copies after sending them to the customer. There is no reason to keep them accessible on the network--let the support people sneaker-net the numbers if the customer loses theirs! That's the appropriate level of security for something as sensitive as this.
  Of course, I'm sure they know this. The real reason RSA kept their customers' seed records vulnerable on the wire was so that they could outsource their support to third world crop-pickers at $1/hour. I've spoken with RSA support flunkies--they've never even seen the product they support, in many cases. RSA is walmart-quality security.
  
  --
  A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
30. Re:Dear Customers... by makomk · 2011-06-07 03:03 · Score: 2
  
  With RSA doing the keyfill at point of manufacture, the customer just needs to load the seed file for the entire batch onto their authentication server and then hand out the tokens, which are glued shut with considerable enthusiasm, and have no externally accessible electrical connections of any sort.
  They don't do that though. As far as anyone outside RSA can tell, the keyfill port is a row of 7 PCB contacts hidden behind a little rectangular stick-on plastic cover on the back of the device. The cover doesn't even seem to be tamper-evident let alone tamper-resistant - you just press it back down again after you're done gawking and it sticks right back into place.
31. Re:Dear Customers... by 0123456 · 2011-06-07 03:05 · Score: 1
  
  Stats 101: The odds of a collision between any two seeds is substantially higher than that: http://en.wikipedia.org/wiki/Birthday_paradox
  But that's really irrelevant unless the company generating the seeds is inept and uses 8-bit seeds: if your seed contains as little as 128 bits and is truly random then you'd need to sell about 2^64 tokens before you'd expect a dupe.
  And why would it matter anyway? The odds of a cracker happening to buy a token which also matches the other token that they want to exploit would be minute... far less than the odds of said cracker managing to steal the seed from a stored copy on the manufacturer's server that's used to prevent dupes.
  As mentioned above, if you really, really must eliminate dupes then just store a hash and reject any generated seed that matches. Storing the key itself is insane.
32. Re:Dear Customers... by Khyber · 2011-06-07 03:05 · Score: 1
  
  'I like how everything is now "under-secured" as if you have any first hand knowledge of the nature of the attack at RSA or the security measures they had in place."
  We don't need the knowledge you tool. If a man can make it, then a man can break it, and a man can fix it, it's that simple.
  
  --
  Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
33. Re:Dear Customers... by Anomalyst · 2011-06-07 03:09 · Score: 1
  
  Never seen Mission Impossible eh.
  Which flavor? The tall dignified Peter Graves MI or the shrimpy Tom "Xenu" Cruise MI?
  
  --
  There is no right to feel safe thru security vaudeville at the expense of everyone's freedom, privacy and tax money.
34. Re:Dear Customers... by dworz · 2011-06-07 03:28 · Score: 1
  
  Well, they need to keep the seed keys. How else would the [insert three-letter agency] snoop on your communications?
35. Re:Dear Customers... by Bert64 · 2011-06-07 03:33 · Score: 1
  
  The main issue was in providing seed keys themselves, rather than providing customers with blank tokens the means to generate their own.
  Some other providers do provide customers with the means to seed their own keys, and compromising suppliers of such tokens would not necessarily compromise their customers.
  
  --
  http://spamdecoy.net - free throwaway anonymous email - avoid spam!
36. Re:Dear Customers... by nabsltd · 2011-06-07 05:02 · Score: 1
  
  There is no reason RSA couldn't just write these random numbers to write-only media and delete all other copies after sending them to the customer.
  If it truly is "write-only media", then isn't that the same as /dev/null? In other words, if there is no way to read them back, then how would you have "the support people sneaker-net the numbers if the customer loses theirs"?
  If by "write only" you meant "paper printouts" or "CD-ROM", I don't think you understand how to use paper or CD-ROMs correctly.
37. Re:Dear Customers... by nabsltd · 2011-06-07 05:17 · Score: 1
  
  As mentioned above, if you really, really must eliminate dupes then just store a hash and reject any generated seed that matches. Storing the key itself is insane.
  On thing to watch out for here is that your hash needs to be at least as many bits as the seed, otherwise you might get too many false positive collisions.
  Although such a false positive wouldn't jeopardize security, it might cause problems initializing a new token, if you really sell a lot of tokens.
38. Re:Dear Customers... by Ytsejam-03 · 2011-06-07 05:46 · Score: 1
  
  With RSA doing the keyfill at point of manufacture, the customer just needs to load the seed file for the entire batch onto their authentication server and then hand out the token
  Don't forget that the tokens also expire every couple of years. If it customers were able to load a new seed themselves, then they wouldn't need to purchase new ones as often.
39. Re:Dear Customers... by AJH16 · 2011-06-07 07:01 · Score: 1
  
  It isn't that simple, convenience always wins out over security. I will happily store your data for you in a way nobody will ever get to it (send it to dev\null). Unfortunately you can't get it either. Even the best designed security limits usability by the nature of what you are doing. The job of good design in security is to find the balancing point. Sure I could disable every single transfer of data out of a system without having every user of the system sign off on it so that nobody in the organization could collude with anyone else to hurt anyone in the organization, but is that really good security or is it just an overly burdensome system that offers no real benefit? Any system can and will be broken by a sufficiently motivated attacker with sufficient resources. The point of security is simply to set the balancing point between your possible loss, your costs and your usability at the ideal level. Anyone who doesn't understand this will never make a good security professional.
  
  --
  AJ Henderson
40. Re:Dear Customers... by AJH16 · 2011-06-07 07:04 · Score: 1
  
  Also, specifically on the case of transferring the root key again, that leaves the key exposed and vulnerable. Even beyond convenience, do you trust your ability to exchange the key in the future securely or do you trust your ability to store it and not have to send it. The traditional rule for symmetric key exchange is to store securely rather than transmit if you can avoid it. Any time you transmit a key, you leave it open to compromise and once a key is compromised you can't uncompromise it and can't necessarily detect the compromise.
  
  --
  AJ Henderson
41. Re:Dear Customers... by WaffleMonster · 2011-06-07 07:05 · Score: 1
  
  But remember that RSA presumably manufactures these tokens every single day. So the seed values have to be handled correctly all the time, and that makes the air gap restrictions tremendously onerous to comply with. The seed values need to be known to the authentication servers, and customers will likely demand that RSA could provide them the necessary data to reload authentication servers in the event of a major crash (yes, I know, backups, etc. - but the real world is not always like that).
  This is a pathetic excuse. All they need to do is tell the user up-front securing the data provided by RSA is their responsibility. Include a schedule of fees to be charged to the customer to replace the tokens in the event the fob data is lost.
  When the fob data arrives a challenge key should be included to be entered on the securid web site. When successful a response key necessary to decrypt the response database is provided AND the keys are removed from RSA servers in a single atomic action.
  SecurID would make more money that way and lessen their liability. The "real world" defense is just a (very poor) excuse.
  I'm sure many customers get ticked off when they see "card off" or "expired" on their FOBs yet securid still manages to keep a huge share of the market coming back for more.
42. Re:Dear Customers... by thoromyr · 2011-06-07 07:23 · Score: 1
  
  I'm not sure you get the size of the numbers involved. Unsurprising, but you might want to put things into perspective. Its convenient to write a large number in a notation like 2^64 (being the number of tokens sold before expecting a dupe according to GP), but another to even remotely consider how large it is.
  1. Realistically, dupes don't matter. Really, they don't. Arguing about a potential collision is about as useful as saying someone could randomly concoct the sequence. No reason to ever record seeds
  2. If a hash mechanism were employed to check for dupes you would *want* it to have fewer bits. Otherwise you aren't really hashing, you are just substituting. But even if the numbers are too big to figure out how freaking utterly huge they are allow me to point out that the company would by *very* happy to sell enough to be chucking some for being "dupes" even if the odds of being a dupe were actually only 1 in 2^32
43. Re:Dear Customers... by DriedClexler · 2011-06-07 10:37 · Score: 1
  
  Not a good example, most people have more than 8 "two-bit" customers ;-)
  
  --
  Information theory is life. The rest is just the KL divergence.
44. Re:Dear Customers... by swillden · 2011-06-07 11:26 · Score: 1
  
  All of the level 4 devices on the market include capacitors to smooth power consumption. DPA isn't really an issue. For that matter, even lower-end devices have DPA countermeasures these days. Nor are other side-channels like thermal analysis or EM monitoring, because of the shielding that must encase them in order to provide the physical penetration resistance that is required to meet the level 4 requirements.
  
  --
  Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
45. Re:Dear Customers... by amn108 · 2011-06-07 20:24 · Score: 1
  
  Yes, how about you?
46. Re:Dear Customers... by sjames · 2011-06-07 20:43 · Score: 1
  
  A good way to get a unique but unguessable value is to start with a token such as the number of seconds since a given date, then append random values.
  Of course, in this case, they don't have to be absolutely unique, just probably unique. If two customers are issued the same seed, the odds are about nil that the eventual holders of those fobs will even know (and it would be incredibly hard to find out).
47. Re:Dear Customers... by amn108 · 2011-06-07 20:43 · Score: 1
  
  So please bear with me and see if I get this right:
  A physical device called token, incorporates two vital elements - a unique seed and a "secret" algorithm that given a unique seed, and optionally (on token users side), a username and a valid password, produces a verification code. The code also depends on a clock - given the same combination of seed (and again optionally,) a username and a valid password, it is only the same for a limited timespan - i.e. same seed, (...username, password) will produce different valid verification codes at different times of day, usually split into discrete periods of ca 1 minute.
  The service authenticating the user of a token like the above, is based on verification of the code "computed" by the token. It matches the code supplied by the user with the code it produces itself. Obviously, the process is the same for the service - naturally, it will require the seed, the algorithm, and ALWAYS a username and a password (hence two-factor auth.) With these on its side it also produces a code. If the codes match, authentication is a fact.
  The scheme is considered more secure than username/password based auth. because it not only is based on something a user knows, but also on a physical device they must have access to. Obviously the server HAS TO keep a copy of the seed, in either form that satisfies the computing of the code given the "secret" algorithm.
  At least one of the two - algorithm or the seed - have to be kept a secret obviously, and if either is unique for an account, the server HAS TO KEEP A COPY (hence my original point.) I.e. we can use a publicly known hashing function for the algorithm, but we can't give up the seed, or vice versa (preferrably former) - otherwise we at best reduce the system to a one-factor authentication, since now only the username and password have to be obtained, the code can be produced easily by anybody. At worst, the account is compromised.
48. Re:Dear Customers... by amn108 · 2011-06-07 21:02 · Score: 1
  
  Could it be viable to keep hashes (with unique salts to prevent rainbow table attacks) instead of cleartext copies of the seeds?
49. Re:Dear Customers... by Lord+Ender · 2011-06-16 02:38 · Score: 1
  
  Write-only in a security context means it can't be read back digitally (by a hacker). Someone onsite needs to do something physical make it readable.
  
  --
  A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
Comment removed by account_deleted · 2011-06-07 01:00 · Score: 4, Insightful

Comment removed based on user account deletion
And they worry about retailers and PCI by John3 · 2011-06-07 01:01 · Score: 1

RSA keys are compromised, Sony gets compromised, and meanwhile the bankcard industry continues to come down hard on independent retailers to force them to bring their internal systems into PCI compliance. I know small retailers that have invested tens of thousands to secure their WiFi, update their firewall, upgrade their debit pads, all to protect cardholder data. Seriously, what criminal is going to target Joe's Hardware Store to snag a few hundred bankcards? These guys want the big targets. As Willie Sutton didn't say, "That's where the money is". Criminals are going to aim at the top of the food chain, not at the mom and pop store. And even if they do hack the mom and pop store the damage is minimal compared to an RSA or Sony breach.

--
"We make our world significant by the courage of our questions and by the depth of our answers." Carl Sagan
1. Re:And they worry about retailers and PCI by Anonymous Coward · 2011-06-07 01:13 · Score: 1
  
  Huh?
  Joe's Hardware Store is a big, fat juicy target for blackhats.
  Why? Simple. They have Internet access, business grade, 24/7/365. Blackhats want compromised machines they can launch attacks from that can't be traced to them, and if Joe the owner of the hardware store gets blamed or tossed in prison, so much the better.
  Small businesses just have as much risk as the big guys because a security breach may not net the intruders as much cash as every credit card given to Sony, but the business can be easily shut down for good.
  Plus, small businesses supply big businesses. If a small business that makes code for a larger business gets hacked and their source tree compromised, the blackhats can then add backdoors that will be passed along.
2. Re:And they worry about retailers and PCI by surgen · 2011-06-07 01:16 · Score: 2
  
  These guys want the big targets.
  What guys? Are you implying that every malicious actor is part of one large homogenous blob of shared targets and interests?
  
  Criminals are going to aim at the top of the food chain, not at the mom and pop store.
  Or they'll go for the low-hanging fruit, the payoff might be smaller, but they sure can hit a lot more targets.
  You're advocating "lets fly under they radar, we'll be fine", that's terrible security. Besides, if they really are that small, they don't really need the robust kind of credit card processing you're talking about. It'd be cheaper for them to get some self-contained units and dedicated phonelines for them.
3. Re:And they worry about retailers and PCI by John3 · 2011-06-07 01:53 · Score: 1
  
  What I'm suggesting is that the bankcard industry is wetting their pants about retailer security and meanwhile the breaches are occurring at much more lucrative targets. I certainly think retailers need to secure their systems, but at what cost? For example, assume retailer has a secure WiFi network using WPA-2. That WiFi is on the same segment as their wired network. PCI standards require the business to segment the WiFi. That's obviously "best practice", but that means the business needs to invest in an upgraded firewall. When these businesses are struggling just to stay afloat they can't afford this technology investment.
  PCI compliance requires servers be in a locked room. If the business is a three person operation and the server sits under the owners desk then is that really a big security risk, or should the owner of this small business build a secure server room?
  With unlimited money I'd expect every business to secure their systems at the maximum level, but what level can we accept that will address the likely threat without bankrupting the small business owner? Do they really need to take a step back and use self-contained credit card machines?
  
  --
  "We make our world significant by the courage of our questions and by the depth of our answers." Carl Sagan
4. Re:And they worry about retailers and PCI by bluefoxlucid · 2011-06-07 02:09 · Score: 1
  
  Nah, they'll get an internet-connected PC and run your credit card through PayPal.
  
  --
  Support my political activism on Patreon.
5. Re:And they worry about retailers and PCI by smelch · 2011-06-07 02:12 · Score: 1
  
  Perhaps they are appearing in high profile targets because big corps are likely to notice they've been compromised, and its more newsworthy. When a plane goes down you hear about it, but more people than were on that plane died in auto accidents that day.
  
  --
  If I can just reach out with my words and touch a butthole, just one, it will all be worth it.
6. Re:And they worry about retailers and PCI by jackbird · 2011-06-07 02:18 · Score: 1
  
  PCI compliance requires servers be in a locked room. If the business is a three person operation and the server sits under the owners desk then is that really a big security risk, or should the owner of this small business build a secure server room?
  Yes. They should use a colocated server in a datacenter or a third-party payment processor if they're that small.
7. Re:And they worry about retailers and PCI by Machtyn · 2011-06-07 02:38 · Score: 1
  
  Having worked with small businesses in the past, I can guarantee they have to be just as vigilant at protecting customer data. It's not a happy day (for them) when they report they think they've been hacked and CC data has been stolen.
8. Re:And they worry about retailers and PCI by Machtyn · 2011-06-07 02:39 · Score: 1
  
  Oh, I should also mention, these small companies usually don't find out until one or more of their customer's cards have been compromised and the customer reports back to them. The lag time hurts.
9. Re:And they worry about retailers and PCI by jimicus · 2011-06-07 03:22 · Score: 1
  
  With unlimited money I'd expect every business to secure their systems at the maximum level, but what level can we accept that will address the likely threat without bankrupting the small business owner? Do they really need to take a step back and use self-contained credit card machines?
  If my understanding of the SAQ for PCI section C-vt is correct, you may as well because the easiest way to comply is to dedicate a PC for use as the virtual terminal and put that PC on a separate network segment firewalled off from everything else.
  ICBW, and I welcome any correction.
10. Re:And they worry about retailers and PCI by zero0ne · 2011-06-07 04:18 · Score: 1
  
  At level 4, all you need is to fill out your annual PCI SAQ, as well as perform quarterly scans by some approved vendor.
  There is no requirement for your "server" to be stored in a locked room, with a dedicated, read-only server keeping all transactions and logs.
  99% of all merchants fall under Level 4.
11. Re:And they worry about retailers and PCI by John3 · 2011-06-07 04:40 · Score: 1
  
  True, but there is much confusion out there in "mom & pop" land. I own a small business and I'm certainly confused about the requirements, and I've got enough tech savvy to be dangerous. :)
  As someone else pointed out, the big breaches get the press while the small ones may not be getting seen above the media "noise". So if Joe's Hardware gets broken into and bankcards are stolen it's not a big deal and it doesn't hit the Slashdot front page.
  So maybe a bad analogy, but I guess I'm voicing the thoughts of small business owners (I run a discussion email list).
  
  --
  "We make our world significant by the courage of our questions and by the depth of our answers." Carl Sagan
12. Re:And they worry about retailers and PCI by Rutulian · 2011-06-07 05:21 · Score: 1
  
  A ton of breaches happen at the small retail level. That's why the bankcard industry is requiring increased security. They aren't lucrative breaches, so you don't hear about it on the news, but they are significant. If an organized group can steal $10 from 10,000 accounts, that's $100,000. It adds up. And if it's a credit transaction, Visa et al are left absorbing the damages. So they have an incentive to tighten security.
13. Re:And they worry about retailers and PCI by John3 · 2011-06-07 05:33 · Score: 1
  
  Too bad the retailer has no incentive other than threats from the industry. Small business owners pay the highest transaction fees for bankcards, and now they are being saddled with additional costs to beef up security to protect the bankcard industry profits.
  Sorry, ranting a bit here. :)
  
  --
  "We make our world significant by the courage of our questions and by the depth of our answers." Carl Sagan
14. Re:And they worry about retailers and PCI by Rutulian · 2011-06-07 07:09 · Score: 1
  
  Well, sure, but what do you propose? Retailers either have to absorb risk, or pay for mandated security. As far as absorbing risk is concerned, they do some. Verification of signatures for transactions is required to show due diligence, for example. But they mostly pass on the cost of fraudulent transactions. In cases where retailers do absorb the entire cost of fraud (ex: checks), they just drop it as a form of payment. So, no, I don't think there is a realistic scenario where small retailers can afford to absorb the costs of fraud because, as you say, profit margins are usually low already. So that leaves paying the (possibly high) cost for good security....
15. Re:And they worry about retailers and PCI by sjames · 2011-06-08 07:12 · Score: 1
  
  The really sad part is that all that PCI compliance makes the front door like a bank vault while the back door is a rickety screen door.
  They could secure the entire system with an appropriate smart card/digital wallet (available for decades), but they refuse. Instead, they insist on ever more complex and pointless compliance.
Anybody know? by fuzzyfuzzyfungus · 2011-06-07 01:01 · Score: 3, Interesting

Are there any big, important checkbox-compliant certifications that RSA's customers might have been using the (Not Cheap) RSA tokens to obtain that, as a consequence of this sordid episode, might no longer be attainable with RSA gear? That seems like it would be a fitting punishment for RSA's questionable security practices and even more questionable disclosure practices; but I'm afraid that I haven't wrapped my head around the alphabet soup of compliance acronyms in different areas enough to know.
1. Re:Anybody know? by thoromyr · 2011-06-07 07:30 · Score: 1
  
  This is probably the most important comment so far. I wish I had mod points.
Lies, damn lies by Anonymous Coward · 2011-06-07 01:05 · Score: 1

Am I the only one getting frustrated by all those companies telling everyone that no important/usable data was taken/accessed and comming out a month later with "Sorry, finally they took everything."
Sony, then RSA, even fucking congressmens seem to think lying to everybody is OK.
To hell with the fuking lies.
1. Re:Lies, damn lies by AHuxley · 2011-06-07 01:58 · Score: 1
  
  Company: It's just a little hacked. It's still profitable, it's still profitable!
  It's just a little compromised, it's still profitable, it's still profitable!
  It's just a little copied, it's still profitable, it's still profitable!
  Tech: [Crestfallen.] It's public.
  Company: I know.
  
  --
  Domestic spying is now "Benign Information Gathering"
And the worst part.... by wjousts · 2011-06-07 01:05 · Score: 1

...is that I'm going to have to fiddle around to get my RSA key fob off my keyring so I can put a new one on. Damn keyrings always end up hurting my nails.
1. Re:And the worst part.... by vlm · 2011-06-07 01:45 · Score: 1
  
  ...is that I'm going to have to fiddle around to get my RSA key fob off my keyring so I can put a new one on. Damn keyrings always end up hurting my nails.
  A really cool hack would be replicating the operation of a keyfob using the very stereotypical ardweeno board or any other microcontroller. Or even a small perl script.
  By replication, I don't mean a small box that outputs a periodically changing random number on a LCD like a movie prop, but I mean a replication of my actual fob, that when used, successfully lets me log into a VPN. Now that would be cool. I haven't seen one yet.
  
  --
  "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
2. Re:And the worst part.... by Mashiki · 2011-06-07 01:47 · Score: 1
  
  That's what knives, pennies/dimes, and nail files are for.
  
  --
  Om, nomnomnom...
3. Re:And the worst part.... by wjousts · 2011-06-07 02:53 · Score: 1
  
  Which is great until you slip and stab yourself in the fucking hand.
4. Re:And the worst part.... by makomk · 2011-06-07 03:08 · Score: 1
  
  That's not terribly difficult to manage if you manage to obtain your fob's seed somehow; the algorithm has been public for a while. Of course, for security reasons they're designed to prevent you from doing that.
5. Re:And the worst part.... by Anomalyst · 2011-06-07 03:14 · Score: 2
  
  Which is great until you slip and stab yourself in the fucking hand.
  So use use the hand not involved in carnal relations, duh.
  
  --
  There is no right to feel safe thru security vaudeville at the expense of everyone's freedom, privacy and tax money.
6. Re:And the worst part.... by wjousts · 2011-06-07 06:02 · Score: 1
  
  Well I don't know about you, tiny, but I need BOTH hands. ;)
RSA is Offering to Replace Tokens by chill · 2011-06-07 01:06 · Score: 2

Here is a link to RSA's official statement made yesterday. They are offering to replace tokens for "customers with concentrated user bases typically focused on protecting intellectual property and corporate networks".
That is corporate VPN, not the people who use tokens issued to get to websites, such as banking info.

--
Learning HOW to think is more important than learning WHAT to think.
1. Re:RSA is Offering to Replace Tokens by Anonymous Coward · 2011-06-07 01:19 · Score: 1
  
  The phrase "focused on protecting intellectual property and corporate networks" is an interesting choice in that it doesn't include financial transactions. Are they really only offering this to high value (to EMC/RSA) customers, or ones with special (e.g., government)? Does this offer exclude, Joe's small business or your local bank that was sold on RSA security by some local consultant?
2. Re:RSA is Offering to Replace Tokens by fuzzyfuzzyfungus · 2011-06-07 01:27 · Score: 4, Insightful
  
  Dear customers who don't matter,
  
  We are committed to providing you with a customer experience commesurate with what we can get away with. XOXOXO,
  RSA
3. Re:RSA is Offering to Replace Tokens by AJH16 · 2011-06-07 01:38 · Score: 1
  
  They are offering transaction monitoring to financial providers. The difference is distribution of the tokens. The tokens themselves are probably pretty cheap, but securely distributing millions of tokens to remotely located users is a non-trivial task with a lot of additional cost. Also, distributing new tokens doesn't gain a lot over monitoring in that case. Unless you know the particular id of the token in use by a given user, you would have to guess from the pool of tokens used by that organization. Monitoring the transactions for valid values for the wrong token on the wrong user would quickly detect a breach and let the system lock down.
  
  --
  AJ Henderson
4. Re:RSA is Offering to Replace Tokens by garyok · 2011-06-07 02:30 · Score: 1
  
  In the case of banking info, I'd assume it was the bank that issued the SecurID token to be RSA's customer. So all those tokens will be getting replaced. At least that's how it works in the UK. If a bank told me to I had to pay for their mandated authentication hardware, I'd tell them to get stuffed.
  Looks like that move to HSBC is off for the moment. Their internet banking was crappy anyway.
  
  --
  One of the penalties for refusing to participate in politics is that you end up being governed by your inferiors - Plato
5. Re:RSA is Offering to Replace Tokens by JamesP · 2011-06-07 06:15 · Score: 1
  
  Except some banks do issue an RSA Token to their customers
  Not sure what they're going to do
  
  --
  how long until /. fixes commenting on Chrome?
Maybe now... by Anonymous Coward · 2011-06-07 01:10 · Score: 1

Wow, SecurID is broken. Maybe now my company will move away from the shitty VPN software they use.
Reparations by TardisX · 2011-06-07 01:18 · Score: 5, Funny

RSA is expected to replace practically every one of the 40 million SecurID tokens currently used.
Nah, how about just offer them a "sorry" and a couple of old games and call it even?

--

Command attempted to use minibuffer while in minibuffer
Re:Not how I thought it worked... by DrgnDancer · 2011-06-07 01:32 · Score: 1

How else would it work? The things change every minute: that's 31.5 million different numbers across a year, and yours have to be different than anyone else's. You think they just fire up the old pseudorandom number generator and cat 30 million numbers into a file, then keep track of which set of 30 million numbers needs to go onto the fob for any given company that might order one? The numbers are calculated based on an algorithm, a seed (which is unique to every company) and the current time/date. Since the seeds are compromised, they has got problems.

--
I don't need a million points of light, just two points of multi-mode fiber and a 10 Gig-E router.
Glad We switched to YubiKey long ago. by VortexCortex · 2011-06-07 01:32 · Score: 4, Interesting

Our secure tokens are Yubikeys. We use RFID for physical access and the challenge response protocol for authentication.
We didn't like the thought of having to trust a 3rd party with our keys, so we run our own authentication services and use our own "seeds". This way we have one less attack/exploit surface (the MFG) to worry about -- Looks like it paid off for us this time!

Key Lifecycle Management
Re-configuration of YubiKeys by customers

For high security environments, customers may select not to share the
AES key information for their YubiKeys outside of their organization.
Customers may also for other reasons want to be in control of all AES
keys programmed into the Yubikey devices. Yubico therefore supports the
use of a personalization tool to reconfigure the YubiKeys with new AES
keys and meta data.

If RSA has your keys... are they really secure?!?!!
1. Re:Glad We switched to YubiKey long ago. by TheRealWheatley · 2011-06-07 01:39 · Score: 1
  
  Thanks Meat Cat!
2. Re:Glad We switched to YubiKey long ago. by definate · 2011-06-07 02:21 · Score: 1
  
  "You got cheesy blasters!" and then meat cat flies away on his skateboard.
  
  --
  This is my footer. There are many like it, but this one is mine.
Re:After it was obvious to all by Amouth · 2011-06-07 01:37 · Score: 1

we're now scrambling to envisage and generate reports from authentication logs for exceptions that might indicate we're being attacked or have been successfully attacked in the past.
why would you need to scramble? shouldn't you be looking at this anyways? on a regular basis? sure this is a good reason to take a second look - but be scrambling.

--
'...if only "Jumping to a Conclusion" was an event in the Olympics.'
Re:After it was obvious to all by Amouth · 2011-06-07 01:38 · Score: 1

but be scrambling.
*but *shouldn't* be scrambling
sorry edit ate text

--
'...if only "Jumping to a Conclusion" was an event in the Olympics.'
two factor? by vlm · 2011-06-07 01:40 · Score: 4, Insightful

All I can find is the usual journalistic garbage, some fear mongering here and there, some harsh comments about RSA, some financial "news" commentary. No real information.
Can anyone on /. with technical knowledge, comment on the hack breaking the entire system (essentially, rooting the auth system) or is it just breaking one of the two factors, that being able to predict the "random" number generation of the keyfobs, so I'm down to merely having a pretty good "one factor"?
Also is the protocol poorly enough designed that the attackers don't need to know anything about the keyfobs, or rephrased, does keeping the serial number info etc about individuals keyfobs secret prevent the break?

--
"Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
1. Re:two factor? by Anonymous Coward · 2011-06-07 01:58 · Score: 2, Insightful
  
  They have got the key to generate the "random" token. So, yes, it's down to one factor.
  But I guess the password is the easy part.. Password reuse, keylogger, etc....
2. Re:two factor? by AHuxley · 2011-06-07 02:03 · Score: 2
  
  http://arstechnica.com/security/news/2011/06/rsa-finally-comes-clean-securid-is-compromised.ars offers hints?
  
  --
  Domestic spying is now "Benign Information Gathering"
3. Re:two factor? by vlm · 2011-06-07 02:05 · Score: 1
  
  They have got the key to generate the "random" token. So, yes, it's down to one factor.
  But I guess the password is the easy part.. Password reuse, keylogger, etc....
  OK that's exactly what I'm looking for. So its no worse than dropping back to "one factor". The two apps/systems/companies I have personal experience with that use securid use two factor only as security theater, not a realistic threat model, not for legal compliance, etc, so they're safe.
  I was worried for a minute someone found a back door, like you can bypass any securid "protected" login using all nines as a password, you know, something like Sony would use....
  
  --
  "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
4. Re:two factor? by vlm · 2011-06-07 02:11 · Score: 1
  
  is determined by a secret RSA-developed algorthm
  
  The algorithm is already public knowledge.
  Article is better written than most, or at least better cut and pasted, but needs editing. Which is it? Secret or public?
  
  --
  "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
5. Re:two factor? by guruevi · 2011-06-07 02:44 · Score: 1
  
  The problem IS those companies that only use it for security theater. I can tell you, many companies I've seen allow the RSA key to be used as a password by itself practically making it a single factor authentication model or once they have the RSA keys, downplay the need for strong passwords. A lot of outside contractors get a single character password or a simple or repeated password and then use the token as the rest of the password.
  
  --
  Custom electronics and digital signage for your business: www.evcircuits.com
6. Re:two factor? by makomk · 2011-06-07 03:18 · Score: 2
  
  OK that's exactly what I'm looking for. So its no worse than dropping back to "one factor".
  Unfortunately, RSA have tended to encourage customers to use a 4 digit numeric password with SecurID in the past because the security of the dongle supposedly made this safe, and this is the single factor that their level of security has now been reduced too. Hence why they were so keen to encourage the use of strong passwords by their customers when they first discovered they'd been hacked.
7. Re:two factor? by Julie188 · 2011-06-07 03:30 · Score: 2
  
  It says that RSA isn't really coming clean with the details. Story says, "Coviello defended the company's decision by saying that they didn't want to reveal to the hackers how to mount further attacks." Of course, blackhats already know how to mount the attack ... by not coming clean with the details the ones that don't know how this happened and what they could be doing to protect themselves are the users.
  
  Julie
  Open Source Subnet
8. Re:two factor? by mbkennel · 2011-06-07 10:30 · Score: 1
  
  some blackhats know how to mount the attack. Lots of others don't.
  Remember, this is (with very high probability) a persistent and professional effort from a well-funded national intelligence service. Very serious. Even good black hats might not have the resources to accomplish this (which of course could include substantial personal physical wiretapping and replacement of manufactured devices).
Re:After it was obvious to all by erroneus · 2011-06-07 01:45 · Score: 1

They care more about their reputation than the service they provide. If someone else announces the problem, they are either "speculating" or they have dangerous inside knowledge which would be hard to prove without official acknowledgement from the company. But after so many others came out, it became increasingly difficult to "deny it without denying it" as their corporate lawyers and PR staff usually do. And at just about the same time that congress is beginning to wonder what's going on and call a hearing, they pre-empt by announcing it themselves.
My company's parent company uses these extensively on their gigantic network. When the story first came out about RSA I asked "should we be concerned?" The answer was "No" at the time. Of course, the answer is "yes" now as my company's parent company is one of the world's largest.
Re:After it was obvious to all by AJH16 · 2011-06-07 01:53 · Score: 1

In fairness to RSA, they did release updated best practices to their clients right away and had reason to believe (accurately) that the attackers were interested in the defense industry specifically, so they focused on fixing that first. Really, as long as you lock your system down if someone starts using the wrong RSA token with the wrong username repeatedly, then the chances of an actual penetration are still pretty minimal, at least for any sizable key-space. It's not a situation that would occur in almost any situation in real life, so setting the threshold for lock down to even 2 attempts would be sufficient. Sure it is still much less secure, but with a pool of say 100 users, you are still talking a .01% chance of a breach not being detected and shut down before being effective. That's still a very insignificant, particularly considering it leaves a very characteristic fingerprint of the attack that would make it rapidly obvious if someone was trying it on a large scale and they could take measures accordingly. (Statistically, a broad attack against all RSA clients would likely have a success, but it would still be complex to carry out quickly as usernames and passwords would need to be obtained for the targets as well.)

--
AJ Henderson
Re:Not how I thought it worked... by Dog-Cow · 2011-06-07 01:53 · Score: 1

Not that your fundamental point is wrong, but the number only needs to be unique for that authentication server for the 10 second window that the number remains valid. In other words, numbers can be reused amongst users, but not in the same time slot.
Re:After it was obvious to all by vlm · 2011-06-07 01:55 · Score: 1

we're now scrambling to envisage and generate reports from authentication logs for exceptions that might indicate we're being attacked or have been successfully attacked in the past.
why would you need to scramble? shouldn't you be looking at this anyways? on a regular basis? sure this is a good reason to take a second look - but be scrambling.
Having been there / done that, what he means is that today, over and above the normal procedure, some PHB around 5 to 10 levels higher in the org chart has mandated that he will call every person who logged in on the telephone and verify that at that time and date it was in fact that person who logged in and not someone else. Or similar level of foolishness.

--
"Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
Re:Not how I thought it worked... by GameboyRMH · 2011-06-07 01:57 · Score: 1

Yep the RSA keyfob is basically doing something like an MD5-challenge (based on the time I'd assume) over SSL,* and this is like the private keys being stolen. It's not a one-time pad (which would actually be a pretty decent idea, but you'd need a new keyfob when the logins are depleted).
*Educated guess, I don't know exactly what it does

--
"When information is power, privacy is freedom" - Jah-Wren Ryel
Who was watching RSA by gatkinso · 2011-06-07 02:01 · Score: 1

After all, at a minimum they had the same access to these networks that the hackers do.

--
I am very small, utmostly microscopic.
Re:Not how I thought it worked... by CProgrammer98 · 2011-06-07 02:04 · Score: 1

that wouldn't be at all practical. Why store millions of codes (one per minute for the lifetime of the devce) when very very few of them would be used. I use my RSA token maybe once a week on the days when I'm working from home.
2 minutes spent on wikipedia shows you g how 2 factor RSA authetication works.

--
And the people shall be oppressed, every one by another, and every one by his neighbour Isaiah 3:5
Comment removed by account_deleted · 2011-06-07 02:06 · Score: 3, Insightful

Comment removed based on user account deletion
Re:After it was obvious to all by Leebert · 2011-06-07 02:07 · Score: 1

If they actually cared about providing security to their customers instead of covering their own asses they'd have kept their customers fully informed, but they didn't.
Have you read their statement? They *still haven't* kept us informed. All they've said is that they'll replace the tokens, and that "the information taken from RSA in March has been used as an element of an attempted broader attack on Lockheed Martin".
Nowhere have they said that the seeds are compromised, nowhere have they told us exactly what information was leaked, only that the leaked information played a role in the LM attack.
The mind boggles.
hi by formation · 2011-06-07 02:09 · Score: 1

Check to see if your Company name is available http://bit.ly/m2IHF4
Comment removed by account_deleted · 2011-06-07 02:09 · Score: 1

Comment removed based on user account deletion
Re:After it was obvious to all by i_ate_god · 2011-06-07 02:20 · Score: 2

Their public statement, and their NDA-protected message given directly to clients are two, very different things.

--
I'm god, but it's a bit of a drag really...
Re:This means "Was never secure" by AHuxley · 2011-06-07 02:20 · Score: 1

After Enigma, Crypto AG, the Clipper chip initiative - the past would say your right.
Young nerds go to public international crypto conferences, see the new big public math.
They run back to their employee and buy generation after generation of closed boxes promised to be based on the safe math they so enjoyed with their peers.

--
Domestic spying is now "Benign Information Gathering"
Comment removed by account_deleted · 2011-06-07 02:21 · Score: 2

Comment removed based on user account deletion
Seems like a low-tech approach might be best by Marrow · 2011-06-07 02:26 · Score: 1

If you need to keep this machine super-secure and only serving a specific kind of data.....then talk to it via a serial port. No network stacks, no "oh that machine was under-utilized, so we added this function", no nuthin. I hated serial back in the day, but if this shit is going to keep happening, then kill it with fire.
1. Re:Seems like a low-tech approach might be best by marcosdumay · 2011-06-07 02:43 · Score: 1
  
  You simply don't want to have such a machine. You either use a hardware based true random number generator for seeding your random number generator, or you trust the number generation to your client. Also, you don't get to keep history of the seeds, or the private keys.
  
  --
  Rethinking email
House of cards... by Bert64 · 2011-06-07 02:36 · Score: 1

Serves them (rsa's customers) right for not understanding what it is they were buying into...
A system where someone else generates and retains a copy of all the keys, requiring you to have blind faith in that party to keep them secure... Did noone else see the serious flaws in such a system?
In order to build a secure system, look at encryption...
How encryption works is well known, the major algorithms are public knowledge, and are tried and tested. And yet the keys, when used properly are known only to the party who owns them...
You don't run a closed proprietary encryption algorithm, and you don't trust a third party to supply you with crypto keys... That is, unless you're a fool.
If you use such a system, you are placing blind faith in the third party who supplies that system... That party might sell you out to government agencies or for commercial reasons (ie highest bidder), might get hacked, might be infiltrated by a rogue employee, might leave a disk full of data on a train etc...
Because they are an external entity you have no control over them, you probably even gave away your right to sue them when you agreed to the license terms on their software... You are utterly beholden to a company you have no control over, basically they own you, and anyone who owns them also owns you.

--
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
Why would it be? by wiredog · 2011-06-07 02:40 · Score: 1

No physical damage was done.

--

Best Slashdot Co
Re:Not how I thought it worked... by GameboyRMH · 2011-06-07 02:44 · Score: 1

As far as I can tell the only advantage of this RSA keyfob over SSH passphrased keyfiles on a flash drive is...
Well actually there isn't much of one. With the keyfiles on a flash drive, you have to physically steal the drive or get the data off the drive somehow, and then know the passphrase. If you physically steal this keyfob, you have the keys to the castle.

--
"When information is power, privacy is freedom" - Jah-Wren Ryel
Re:After it was obvious to all by Amouth · 2011-06-07 02:46 · Score: 1

that is all fine and sounds good - but i don't consider that scrambling.. i guess to me its just a different meaning.. to me scrambling would be - having to figure out what needs to happen to be able to figure out where you are.

--
'...if only "Jumping to a Conclusion" was an event in the Olympics.'
Network Security by DaMattster · 2011-06-07 02:57 · Score: 1

If I were in business doing high security work, I would design a secure network that is physically separate from the corporate one and have all jacks on the secure network colored in red with red cables. No software development related to high security work or high security information would be allowed on the corporate network. There would be no permanent connection to the outside world from the secure network. In the event that data does need to be transmitted, I would use a dial-on-demand style connection like PPPoE and wrap the data in sftp or scp encryption keeping the connection open only long enough to transmit, then dropping it. This is really the only way to stymie would be intruders. The connection would not be open long enough to try brute force methods. And, finally, perhaps most importantly, use OpenBSD to secure the network for when the transmission line is opened.
Re:Not how I thought it worked... by nharmon · 2011-06-07 03:08 · Score: 1

Not quite. When it comes to multifactor authentication, knowing the numbers from the fob is only one factor. You usually also have to put in a password.
Imagine an SSH keyfile with no passphrase, which gets you to the login prompt.
Re:After it was obvious to all by _Sprocket_ · 2011-06-07 03:14 · Score: 1

In fairness to RSA, they did release updated best practices to their clients right away and had reason to believe (accurately) that the attackers were interested in the defense industry specifically, so they focused on fixing that first. Really, as long as you lock your system down if someone starts using the wrong RSA token with the wrong username repeatedly, then the chances of an actual penetration are still pretty minimal, at least for any sizable key-space.
The "updated" best practices is just a rehash of normal best practices. Meanwhile, customers are in the dark as to what exactly is the threat they're dealing with. I suspect you're right in your description of the threat. But the problem is that it remains pure speculation. We just don't know. A security company should not be leaving their customers to speculate and second guess when they do, in fact, have facts available to them. RSA and their customers would be in a much better position if RSA would have simply stated what the compromise was and provided analysis on what they think that means to their customers. RSA's attackers likely already know.
Re:Not how I thought it worked... by GameboyRMH · 2011-06-07 03:17 · Score: 1

Oh that makes sense. It looks like Lockheed-Martin only required the numbers from the fob though.

--
"When information is power, privacy is freedom" - Jah-Wren Ryel
Re:After it was obvious to all by Bert64 · 2011-06-07 03:39 · Score: 1

If you are a current customer however, was it you or some other employee who evaluated a system where a third party holds copies of the keys, and deemed such a system fit for use? Surely a system like this, where you are utterly beholden to the supplier would raise a red flag?

--
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
Re:Not how I thought it worked... by dlgeek · 2011-06-07 03:51 · Score: 1

...That if I use a random computer, it can't copy the entire token the second I plug it in?
...That the user can't clone it because it's a physically secured device?
...That there exist robust services and integration with corporate networks to manage them and various enterprise-level software is already set up to interface with them?
I could come up with others, but hopefully I made my point. Yes, RSA screwed up. Yes, they never should have had the keys. But, they really have put a lot of time, effort and money into these. Random ad-hoc solutions like yours may be fine for your home network, but they don't scale to the scale that large enterprises and corporations (RSA's main customers) act at. They also don't come close to solving the problems that these tokens do.
Comment removed by account_deleted · 2011-06-07 05:04 · Score: 1

Comment removed based on user account deletion
Still using tokens? by WaffleMonster · 2011-06-07 06:46 · Score: 1

Just thinking about this pisses me off. SecurID in its current form does not deserve to exist. Simply rerolling the database and issuing new cards is NOT a valid response.
There is no excuse for token vendors not giving their users the tools to program their own fricking tokens they paid for without absurd greed motivated dependancies on RSA.
Given the expense of SecurID and its intended use in high security environments who the hell wants a threat model that includes a third party company? Why are they even storing this data after giving the customer the required license data for the tokens?
Not a single customer should have had any risk of compromise as a result of RSA being hacked. It is inexecusable. Those effected should demand more from RSA than business as ususal.
1. Re:Still using tokens? by dave562 · 2011-06-07 08:08 · Score: 1
  
  RSA does offer tools to program your own tokens. They offer software tokens and you do not even need a fob. You can get the token on your PC or smart phone. If the token gets compromised or lost, the administrator can deactivate it and issue a new one. There's a convenient web interface for managing the whole process, both for users and admins.
Re:After it was obvious to all by AJH16 · 2011-06-07 07:09 · Score: 1

Yeah, I agree that they need to be more forthcoming with detailed info. I was just defending that they are not untrustworthy as the previous poster had indicated. Though really, it is well understood how the system works and what information could potentially be compromised on their systems. It sounds like it was pretty much the worst case scenario that could occur (the situation I described is basically the worst possible case). It basically assumes that the token value is known and the only thing not known is the token that goes with a particular user. That said, I do realize now that the situation would actually be worse then though. If you can monitor someone's connection, you could gather their token and then run that timestamp against the known tokens to identify the pairing, granted you need to be able to MIM attack it, but it does raise my risk assessment by multiple orders of magnitude.

--
AJ Henderson
Re:After it was obvious to all by Rich0 · 2011-06-07 08:43 · Score: 1

Like many a company before them, they realized that their name alone was their most important asset. Some senior executive decided to save a few bucks by capitalizing on that name. The shareholders lose out, but the people who made those decisions have long ago collected their bonuses.
Re:After it was obvious to all by _Sprocket_ · 2011-06-08 03:48 · Score: 1

Yeah, I agree that they need to be more forthcoming with detailed info. I was just defending that they are not untrustworthy as the previous poster had indicated.
I would argue that not being forthcoming with detailed information concerning the effectiveness of your product(s) has a major impact on how much one can trust a security company.

Though really, it is well understood how the system works and what information could potentially be compromised on their systems.
The devil is in the details. Compromise of seed keys means something very different than compromise of source code for a SecurID authentication appliance (as examples). There is all manner of potential but exactly what happened is important to determine the impact. Speculation is no substitute for facts.

If you can monitor someone's connection, you could gather their token and then run that timestamp against the known tokens to identify the pairing, granted you need to be able to MIM attack it, but it does raise my risk assessment by multiple orders of magnitude.
Agreed - this would mean a significant degradation of the product and expose it to a major attack scenario tokens are supposed to be thwarting (keyloggers). And again... this is why detailed information is important where generic assurances and best practice lists are no substitute.