RSA, the EMC-owned vendor of two-factor authentication solutions, was breached last week. While they're not being too forthcoming on details, it is believed that the attackers were after their two-factor authentication customer "seed" files. These are essentially the codes used to generate the one-time passcodes in the product. This is of course pure speculation, but in the vacuum of information RSA has created, it's all we have to go on.
Let me preface this by saying I'm REALLY not trying to pile on RSA here (not that they would care if I did); I know as much about what happened to them as you do. This recent revelation of a so-called APT attack on them (http://hlurl.com/vn) just brought into relief a problem I've been thinking about for a while. Any regular reader of this blog knows I am in hate with all sorts of so-called experts and vendors that will solve all your problems for you. RSA just happens to be one of those vendors that promises to solve a lot of problems for you. I wonder if they were trying to solve it for themselves?
I've often thought/said/written that many (not all) vendors, their employees and so-called experts have never been operationally involved in a lot of the things they claim to protect you against. They've never fended off a DoS attack or mitigated a web application attack, but they're selling you "solutions" that they've built that will. Lab work and real work are entirely different worlds; they just are. Often these vendors violate their own rules and take a "cobbler's children" approach to their own security. I could list a lot of vendors that do this, but I won't because I don't like lawsuits.
It’s enough to say that the number is probably higher than I would guess. How does this relate to RSA?
Well, today I decided to see if RSA had any advice on how to prevent so-called APT attacks (a controversial term in and of itself), and guess what? They totally do! http://hlurl.com/vo Again, I'm not solely picking on them; this kind of stuff can happen to anyone. My larger point is, if you're going to sell this stuff, you should practice it on your own networks. If you're practicing it and find out it doesn't work for some reason, you should revise it and keep fine-tuning it until it does. It's okay to be wrong; it's not okay to keep being wrong.
Full Disclosure: I've never been a fan of RSA in general, and we do sell an alternative product which, in my opinion, works much better and is simpler. It's called WiKID; you should check it out.