By Doug Woodburn
Rival SecurEnvoy claims channel partners are being inundated with calls from panicked RSA end users in wake of security attack
RSA Security ‘s customer-data breach has sparked “panic” among the vendor’s customers and channel partners, according to rivals.
In an open letter to customers posted on RSA’s website yesterday, executive chairman Art Coviello admitted that an attack had resulted in “certain information being extracted from RSA’s systems”.
Some of that information relates to the EMC-owned company’s SecurID two-factor authentication (2FA) products, Coviello said.
“While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers, this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack,” he said.
Andy Kemshall, co-founder of rival 2FA vendor SecurEnvoy, told ChannelWeb that he had been fielding calls from concerned resellers since 1am.
“Channel partners are being inundated with calls from customers panicking regarding their security,” he said. “They believe their tokens have been compromised.”
Former RSA executive Kemshall claimed that RSA’s customers were still in the dark as to whether or not the vendor’s centrally stored ‘seed records’ had been compromised.
If this was the case, any tokens associated with those seed records would also be compromised, said Kemshall.
“Our resellers and end users believe the seed records have been compromised,” he said. “This would mean anyone with the Cain and Abel [password recovery] tool could compromise the second-factor token code so only the pin is left. RSA has suggested that customer data has been compromised but it hasn’t confirmed whether it is seed data, nor has it denied it.”
Kemshall as well as Jason Hart, European chief executive at 2FA vendor Cryptocard, argued the fact RSA customers do not generate their own seed records is a flaw in RSA’s strategy.
Hart said: “It is very worrying and very scary. We have had a lot of inbound enquiries from partners and customers. The fact RSA has come out publicly and said it’s a problem is the right thing to do.”
Ian Kilpatrick, chairman of security distributor Wick Hill, said: “It’s very positive that RSA have publicly addressed it but it appears to be quite a significant incident.”
Coviello urged customers to follow the steps outlined in its SecureCare Online Note.
“We are committed to applying all necessary resources to give our SecurID customers the tools, processes and support they require to strengthen the security of their IT systems in the face of this incident,” he said.
“Our full support will include a range of RSA and EMC internal resources as well as
close engagement with our partner ecosystems and our customers’ relevant partners.”
Related articles
- RSA’s SecurID Security Breach: What Should You Do? (pcworld.com)
- RSA Security breached by APT (infosecpodcast.com)
- RSA’s SecurID targeted in data breach (thetechherald.com)
- After RSA Breach, Are SecurID Tokens in Jeopardy? (pcworld.com)
a cross-discipline overview of smart card including attacks