RSA Hacked

[David Auclair <d.auclair () UTORONTO CA>]

For those of you that haven't yet heard the news, RSA has been hacked.  They've apparently taken sensitive information 
pertaining to the SecurID system.

> From their post:
"Our investigation has led us to believe that the attack is in the category of an Advanced Persistent Threat (APT). Our 
investigation also revealed that the attack resulted in certain information being extracted from RSA's systems. Some of 
that information is specifically related to RSA's SecurID two-factor authentication products. While at this time we are 
confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID 
customers, this information could potentially be used to reduce the effectiveness of a current two-factor 
authentication implementation as part of a broader attack. We are very actively communicating this situation to RSA 
customers and providing immediate steps for them to take to strengthen their SecurID implementations."

Their full post is here:
http://www.rsa.com/node.aspx?id=3872

They're supposedly releasing more information soon.


Regards,
David Auclair
Information Security Group
Information and Technology Services
University of Toronto