Go Back   nV News Forums > General Forums > Archived News Items

Newegg Daily Deals

Reply
 
Thread Tools
Old 05-21-12, 07:10 PM   #1
News
Registered User
 
Join Date: Jun 2009
Posts: 47,110
Post RSA SecurID software token cloning: a new how-to

A cloned SecurID software token created by computer, security consultant Behrang Fouladi.
Behrang Fouladi


A researcher has devised a method attackers with control over a victim's computer can use to clone the secret software token that RSA's SecurID uses to generate one-time passwords.

The technique, described on Thursday by a senior security analyst at a firm called SensePost, has important implications for the safekeeping of the tokens. An estimated 40 million people use these to access confidential data belonging to government agencies, military contractors, and corporations. Scrutiny of the widely used two-factor authentication system has grown since last year, when RSA revealed that intruders on its networks stole sensitive SecurID information that could be used to reduce its security. Defense contractor Lockheed Martin later confirmed that a separate attack on its systems was aided by the theft of the RSA data.

Last week's blog post by SensePost's Behrang Fouladi demonstrated another way determined attackers could in certain cases circumvent protections built into SecurID. By reverse engineering software used to manage the cryptographic software tokens on computers running Microsoft's Windows operating system, he found that the secret "seed" was easy for people with control over the machines to deduce and copy. He provided step-by-step instructions for others to follow in order to demonstrate how easy it is to create clones that mimic verbatim the output of a targeted SecurID token.

Read more | Comments







More...
News is offline   Reply With Quote
Reply


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -5. The time now is 02:34 PM.


Powered by vBulletin® Version 3.7.1
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Copyright 1998 - 2014, nV News.