I'm seeing a lot of panic on the internet as people speculate about a master key compromise or identified vulns in the implementation, but we really don't know. The bottom line is this damages the trust relationship with RSA and the SecurID tokens. I think it's a good idea to take a closer look at your CSIRT processes and take this into consideration, but I think the assumption that 40 million 2FA tokens are broken is a bit alarmist. I will tell you that I'm not revoking all the tokens in my environment, but I'm keeping a much closer eye on my VPN gateway/fw and probably will continue to do so until we learn a bit more about the risks associated with this breach.
I also question the whole APT thing, which bothers me as we see more and more compromises blamed on APT as if that somehow makes it all OK. It seems lately that anything more advanced than a skiddie attack gets blamed on APT, and that's just foolishness.
Last edited by tturner on Fri Mar 18, 2011 10:26 am, edited 1 time in total.
CISSP, CISA, GPEN, GWAPT, GAWN, GCIA, GCIH, GSEC, GSSP-JAVA, OPSE, CSWAE, CSTP, VCP
WIP: Vendor WAF stuff http://sentinel24.com/blog