RSA Secure ID update
21st March 2011
You may have read in the news over the weekend that RSA Security recently experienced a cyber attack resulting in the theft of information specifically related to its SecurID two-factor authentication products. RSA has stated that the theft would not enable a direct attack on its SecureID Tokens, but neither has it confirmed exactly what details have been stolen, or if it includes the seed codes or token serial numbers. The seed is a unique code for each two-factor token, and is the base from which numbers are generated as part of the two factor authentication process.
If the serial number of the token as well as the seed have been stolen, then it is theoretically possible to calculate the token code. However, any would be hackers would still need to know the serial number of the token allocated to a user and also be in possession of the individual's username and password/pin to successfully gain access. Whilst the situation is still unclear, Imerja is advising its customers to consider taking the following precautionary measures, which refleect good practice in any similar situation: