Comments on Dispatch from the Digital Health Frontier: The RSA Attack
Blog author: John Halamka
Comment feed last updated: 2024-03-27

Guy St. Clair (2011-04-26):
And thanks to you, for sharing this important information, especially the four stages. Very important information that we need to have (and which a lot of folks just don't think about). Appreciate the post.

Ryan (2011-04-14):
Sadly, many of these attacks are not brute force, but merely take advantage of under-educated employees with little technical knowledge. Make an email look the least bit legitimate and they'll open any attachment you provide them.

Basic education on computer and internet security needs to be provided for all employees, especially at companies like RSA, but also in the healthcare world as systems get more exposure to the internet. Ignorance is a hacker's best tool.

David (2011-04-12):
I'd argue RSA has been anything but candid about the attack. The nature of the compromised data, about which it has been silent, has a huge impact on the efficacy of the two-factor solution.

It would appear, based on the advisories and best practices published by RSA, that token seeds were compromised. If that is true, it's unconscionable for RSA not to disclose the exact threat its customers now face. If not, then RSA needs to explicitly say so.

Great blog, BTW. I just see this incident as an example of exactly what *not* to do in the event of a data breach.

Alan (2011-04-12):
It has been reported that RSA have been sharing details about what was stolen with certain companies under an NDA.
See
http://www.infoworld.com/d/security/rsa-details-securid-hack-customers-sworn-secrecy-019

A detailed account of how the hack was done is available on RSA's own blog:
http://blogs.rsa.com/rivner/anatomy-of-an-attack/

My 2 cents: Targeted attacks based on research and social engineering are almost impossible to stop. As someone at the NSA stated in December: "The most sophisticated adversaries are going to go unnoticed on our networks. We have to build our systems on the assumption that adversaries will get in."

If you have something that needs protecting, better isolate it and lock it down tight, i.e. very restricted physical and network access, and no e-mail, web browsing, etc.

Ivan (2011-04-12):
First, thanks a lot for your blog! I have recently taken a position as a Healthcare architect with a software vending company, and your blog contains a lot of information that I am learning from.

I wonder, did RSA notify the enterprises whose employees' identities have been compromised? Did this attack entail a major overhaul of SecurIDs/accounts for any of RSA's clients?