Here's the email RSA sent out to actual customers yesterday:
[header removed]
Subject: RSA, the Security Division of EMC, urges critical actions for SecurID installations
Dear RSA SecurCare® Online Customer,
Summary:
We have determined that a recent attack on RSA’s systems has resulted in certain information being extracted from RSA’s systems that relates to RSA’s SecurID two-factor authentication products. While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers, this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack. RSA urges immediate action.
Description:
Recently EMC’s security systems identified an extremely sophisticated cyber attack in progress, targeting our RSA business unit. We took a variety of aggressive measures against the threat to protect our business and our customers, including further hardening of our IT infrastructure. We also immediately began an extensive investigation of the attack and are working closely with the appropriate authorities.
Our investigation has revealed that the attack resulted in certain information being extracted from RSA’s systems. Some of that information is related to RSA’s SecurID two-factor authentication products. While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers, this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack.
We strongly urge immediate customer attention to this advisory, and we are providing immediate remediation steps for customers to take to strengthen their RSA SecurID implementations.
Affected Products:
The affected products are RSA SecurID implementations.
Overall Recommendations:
RSA strongly urges customers to follow both these overall recommendations and the recommendations available in the best practices guides linked to this note.
* We recommend customers increase their focus on security for social media applications and the use of those applications and websites by anyone with access to their critical networks.
* We recommend customers enforce strong password and pin policies.
* We recommend customers follow the rule of least privilege when assigning roles and responsibilities to security administrators.
* We recommend customers re-educate employees on the importance of avoiding suspicious emails, and remind them not to provide user names or other credentials to anyone without verifying that person’s identity and authority. Employees should not comply with email or phone-based requests for credentials and should report any such attempts.
* We recommend customers pay special attention to security around their active directories, making full use of their SIEM products and also implementing two-factor authentication to control access to active directories.
* We recommend customers watch closely for changes in user privilege levels and access rights using security monitoring technologies such as SIEM, and consider adding more levels of manual approval for those changes.
* We recommend customers harden, closely monitor, and limit remote and physical access to infrastructure that is hosting critical security software.
* We recommend customers examine their help desk practices for information leakage that could help an attacker perform a social engineering attack.
* We recommend customers update their security products and the operating systems hosting them with the latest patches.
For RSA product-specific recommendations, please follow the links below to the Security Best Practices Guides for each product. If you are unable to access the files via RSA SecurCare, please contact support at: [removed]
Or, heaven forbid, there might be some people buying multiple iPods...
For example, over the course of the product, I've owned 4 different iPods. Apparently this means that my online music buying should have quadrupled, which it did not.
Thus, the link between iPod sales and buying music online is not directly proportional.
Depending on your focus and your location, I'd suggest looking at any law firms in your area that specialize in cyberlaw. There's a definite shortage of people in that field with a knowledge of digital forensic procedure.
As a plus, they're typically not so concerned with security clearances, so it should be easier to get your foot in the door.
I've been involved in the Freedom project since the very beginning. I'm one of the original beta server operators, and the part that I find amusing is that all the servers run on Linux. So, even if they drop the client support, they'll never get away from Linux.
And no, I've never used the client, for many of the reasons listed elsewhere on this site and others.
Why the humans look animated... on Reviews:Shrek · Score: 1
According to an "Industry Standard" article I read on the movie, they actually had to scrap the original human animations because they were too life-like. They didn't fit in with the rest of the animated world. DreamWorks had to completely rework the people in this film to be a little less realistic. So, keep that in mind when complaining about the animation.
Just imagine how much more efficiently you could go about 'generating revenue' if you'd focus on that instead of trying to do IT's job for them.
Damn, I'm only a Fortune 500 sysadmin...
The hole he's referring to requires some particular circumstances before it's even viable.
The attacker must:
* Be on your local network
* Already have control of your DHCP server
If both of the above are true, you already have much more serious problems.
While I agree that remote root/admin is bad juju, in this case it's hardly equivalent to the Windows remote admin exploits to which he's comparing it.
Parker Brothers should offer themselves up as consultants to the Federal Reserve Board.
After all, they already have the whole process down pat...