RSA Security has offered to replace the SecurID
tokens used by enterprises and government agencies to secure their
networks after attackers attempted to hack a defense contractor’s
network in May.
Intruders managed to breach defense contractor Lockheed Martin’s network in May when it bypassed RSA Security’s SecurID technology, RSA Security Chairman Art Coviello acknowledged in a letter to customers on June 6. While Lockheed was hacked, no information was compromised, according to the Wall Street Journal.
Cyber-attackers initially compromised RSA Security with a phishing email exploiting a zero-day Adobe vulnerability,
Coviello disclosed in March. The company declined to specify exactly
what had been stolen but acknowledged it was "information relating to
the SecurID technology."
"RSA clearly knew what was breached to begin with
and what the implications were and they didn’t do anything about it,"
Bobby Kuzma, president of Central Florida Technology Solutions, a
security solutions provider, told eWEEK.
RSA should have replaced the tokens immediately,
not waited until after three major defense contractors were attacked,
Kuzma said. The company had a duty to its clients to disclose "any
material defects in the solution," according to Kuzma.
To read the original eWeek article, click here: RSA Will Replace SecurID Tokens in Response to Lockheed Martin Attack