RSA's Servers Hacked

Khopesh writes "EMC subsidiary RSA was the victim of 'an extremely sophisticated cyber attack' which resulted in the possible theft of the two-factor code used by their SecurID products." The Boston Herald has a short article on the intrusion. Update: 03/17 23:54 GMT by T : Reader rmogull adds "With all the hype that's sure the explode over this one, we decided to do a quick write-up to separate fact from speculation."

Ouch

[the linux geek]

These guys aren't like HBGary - RSA basically invented huge portions of modern cryptography. I'm interested in seeing the specifics on how this happened.

time for new laws!

[swell]

This is just the opening that lawmakers need to promote panic and obliterate resistance to their 'protective legislation', which will surely be filled with special interest items buried in legalese.

Re:Crap, crap, crap

[Shikaku]

Explain that to his manager.

I'll bet $1337 that GP's scenario will occur anyway.

Re:Ouch

[dfcamara]

Hacking systems very rarely involves breaking cryptography. It's bad reputation for their sys admins but not so for their cryptography experts.

Argument

[DaMattster]

This is precisely why security products should be open sourced. The fact that RSA was compromised and some data (potentially alogrithms) on the RSASecureID was obtained, nullifies any F.U.D. that open source is less secure. If these algorithms had been out in the open, there would be no reason to panic because the development community would have access to the very source code and vulnerabilities addressed rapidly. Now the intruders have the keys to the castle and the only entity that can address the ensuing vulnerabilty is EMC.

Re:Ouch

[MichaelKristopeit413]

Hacking systems very rarely involves breaking cryptography.

until now.