[AusNOG] RSA SecurID tokens hacked

Andrew Paternoster Andrew at screwloose.com.au
Mon Mar 21 12:01:07 EST 2011


Most people use the RSA along with a 2nd piece of info ( pin or password) so most peoples data isn’t totally vulnerable. I remember there was a program that could generate the code for the first RSA tags. But you needed the seed for the key you wanted to generate the codes for. 

Thank you
Andrew Paternoster


 
Screwloose Software
S (03) 9095-7290  (03) 9095-7299
11-15 HighTech Place, Lilydale, Vic 3140
www.screwloose.com.au


-----Original Message-----
From: ausnog-bounces at lists.ausnog.net [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Brad Gould
Sent: Monday, 21 March 2011 12:05 PM
To: James Troy
Cc: AusNOG
Subject: Re: [AusNOG] RSA SecurID tokens hacked

The system still relies on its basic cryptographic strength (or lack thereof).

Its not like someone has actually found a vulnerability in the RSA "system" - unless that was the vector used to gain access for the hack:)



On 21/03/2011 11:25, James Troy wrote:
> From:
> http://www.theage.com.au/technology/security/hacked-security-firm-leaves-aussies-vulnerable-20110321-1c2i4.html
>
> Looks like anyone who uses these tokens should be very careful.
> Interesting how a company that we trust with securing our most delicate
> online transactions can become vulnerable.
>
> *James Troy**|*
>
> *Network / Windows Administrator*
>
> **
>
> *INTRALOT AUSTRALIA PTY LTD*
>
> [A]Level 1 283 Normanby rd
>
> Port Melbourne VIC 3207
>
> [T]+ 61 3 9915 6267
>
> [E] james.troy at intralot.com.au <mailto:james.troy at intralot.com.au>
>
> [F]+ 61 3 9645 6066
>
> [W] *_www.intralot.com.au_*
>
> INTRALOT_AUSTRALIA
>
> *P*Please consider the environment before printing this e-mail
>
>
> ------------------------------------------------------------------------
>
> The information in this electronic mail is confidential, intended only
> for use of the individual or entity named. If you are not the intended
> recipient, any dissemination, copying or use of this information is
> strictly prohibited. If you have received this transmission in error
> please delete it immediately from your system and inform us by email on
> reply at intralot.com.au. This email and any attachments have been scanned
> for computer viruses using anti-viral software, but you should also
> perform your own scan. We do not accept liability for any loss or
> damage, whether caused by our own negligence or not, that results from a
> computer virus or a defect in the transmission of the email or any
> attached file.
>
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog

-- 
Brad Gould, Network Engineer
Internode
PO Box 284, Rundle Mall 5000
Level 5, 150 Grenfell Street, Adelaide 5000
P: 08 8228 2999  F: 08 8235 6999
bradley at internode.com.au; http://www.internode.on.net/
_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog



More information about the AusNOG mailing list