RSA hacking fallout

Posted: Thu Oct 27, 2011 2:10 pm
by Eric!
A lot of big names show up on this list:

http://krebsonsecurity.com/2011/10/who- ... attackers/

Interesting to see the CNC locations. Another reason to worry about CNNIC as a root CA.

Re: RSA hacking fallout

Posted: Fri Nov 25, 2011 7:37 am
by Hermit TL
I may be mistaken, but doesn't the only known exploit of RSA require proximity to the machine? Which would mean RSA is not the primary problem; the companies that don't lock down and monitor physical access to their servers are just asking for problems.

Re: RSA hacking fallout

Posted: Sat Dec 10, 2011 12:38 pm
by Eric!
No. Sorry, I didn't really explain my post well. I am talking about the company RSA and their security tokens that companies all over the world use to secure their VPNs. Details of attack: http://blogs.rsa.com/rivner/anatomy-of-an-attack/

Using the tokens, apparently the VPNs could be accessed remotely quite easily. Many were detected, but quite a few weren't. The details surrounding the use of the tokens to hack the network have been vague.

However, some of the locations that were hacked using stolen RSA tokens were also CA locations, which would allow hackers the potential to create root CAs and spoof TLS connections. The hacking traffic was primarily tracked to CNC servers in China, and now China CNNIC is also a root CA center, which makes me paranoid.

The RSA attack was major because most defense and large tech companies use their service.