As more companies with national security interests come forward with admission of breaches related to the hacking of RSA’s SecurID technology, one wonders if it is time for RSA to break its stubborn refusal to tell the public what exactly was stolen or when the breach actually occurred. At this stage, it is not just enough to tell the public that it had been hit by a phishing email exploiting a zero-day vulnerability in Adobe Reader.
rsa
Breaching the Bastille: When Security Vendors Get Hacked
The recent rash of exposures about successful attacks against information security vendors may come as no surprise to a lot of people in the information security world who probably see or hear about it frequently, but it will surely come as “shocking” to most “ordinary” folks.
HBGary, RSA, Comodo and Barracuda Networks are the latest of high-profile security vendors to be breached. As a quick refresher, EMC’s RSA group disclosed that someone had broken into its networks and obtained information that could compromise its SecurID products.