RSA hacking fallout

Eric!
DevNet Resident
Posts: 1146
Joined: Sun Jun 14, 2009 3:13 pm

RSA hacking fallout

Post by Eric! »

A lot of big names show up on this list:

http://krebsonsecurity.com/2011/10/who- ... attackers/

Interesting to see the CNC locations. Another reason to worry about CNNIC as a root CA.
Hermit TL
Forum Commoner
Posts: 69
Joined: Mon Nov 21, 2011 12:16 am

Re: RSA hacking fallout

Post by Hermit TL »

I may be mistaken, but doesn't the only known exploit of RSA require proximity to the machine? Which would mean RSA is not the primary problem; the company(s) that don't lock down and monitor physical access to their servers are just asking for problems.
Eric!
DevNet Resident
Posts: 1146
Joined: Sun Jun 14, 2009 3:13 pm

Re: RSA hacking fallout

Post by Eric! »

No. Sorry, I didn't really explain my post well. I am talking about the company RSA and their security tokens that companies all over the world use to secure their VPNs. Details of attack: http://blogs.rsa.com/rivner/anatomy-of-an-attack/

Using the tokens, apparently the VPNs could be accessed remotely quite easily. Many were detected, but quite a few weren't. The details surrounding the use of the tokens to hack the network have been vague.

However, some of the locations that were hacked using stolen RSA tokens were also CA locations, which would allow hackers the potential to create root CAs and spoof TLS connections. The hacking traffic was primarily tracked to CNC servers in China, and now China CNNIC is also a root CA center, which makes me paranoid.

The RSA attack was major because most defense and large tech companies use their service.