RSA Comes Clean

June 7, 2011

After a couple months of denial, RSA has finally come clean. SecurID is fatally compromised and will need replacement.

If you’re using SecurID tokens, they are no longer valid proof of “something you have” and cannot be relied upon as an authentication source. Switch to something else or shut down the service they are securing as soon as possible.


Military Hacking

June 1, 2011

From this article at the Wall Street Journal:

The Pentagon has concluded that computer sabotage coming from another country can constitute an act of war, a finding that for the first time opens the door for the U.S. to respond using traditional military force… Pentagon officials believe the most-sophisticated computer attacks require the resources of a government. For instance, the weapons used in a major technological assault, such as taking down a power grid, would likely have been developed with state support, Pentagon officials say.

As Lauren Weinstein pointed out on the IP list, you couldn’t possibly come up with a better challenge to incite black hats. “You think only a foreign government can take out a power grid? Well, watch _this_!”