BLOG

More security problems

I know a lot of people are putting all their eggs in the 2 factor authentication (2FA) basket as a solution to the recent breaches. Earlier this year, however, RSA had their internal systems breached and unknown data was stolen. Speculation from a lot of sources is that the information stolen from RSA by the attackers could be used to infiltrate systems protected by 2FA.
Today I, Cringely reports that a very large U.S. defense contractor may have been breached despite protection by SecurID. Anyone who has been around folks that work for defense contractors, or even just people with security clearances, knows that security and secrecy becomes second nature. They are naturally suspicious and careful, particularly when interacting with secure systems.
What should really concern anyone thinking about implementing security is that the defense contractor’s security folks implemented extra security after the RSA breach, but someone still managed to infiltrate their systems.
Whatever happens with RSA and the defense department, it’s pretty clear that 2FA is not a panacea. And even when we’re talking about security experts, including defense contractors and RSA, hackers can still get into their systems.
Many of the compromises start with spam linking to payloads. In fact, just last night another email expert had their gmail account compromised, resulting in virus being sent to multiple mailing lists and individuals. Some of the compromises happen through Facebook with links that fool people who should know better.
Security is critical for everything on the internet. But recently the attackers seem to be gaining the upper hand over the defenders. When even the experts are compromised, what chance does the average user have?
UPDATE: Reuters reports that the defense contractor was Lockheed.

3 comments

  1. pgl says

    It’s the endless game of cat and mouse – sometimes the good guys have the upper hand, sometimes the bad guys. The good guys develop better crypto, the bad guys develop better hacking techniques – lather, rinse, repeat.
    Still, pretty nuts about the whole RSA thing.

  2. Tim says

    Wow.. interesting to know hackers can still get in.

  3. 3 Billion Passwords Per Second. Are Complex Passwords Enough Anymore? | MailChimp Email Marketing Blog says

    […] are ever stolen, we strongly recommend you activate our new (and free) security features.See also:More Security Problems, from Word to the Wise “When even the experts are compromised, what chance does the average […]

Comment:

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.