EMC has confirmed that information stolen from RSA related to its SecurIDs had been used in the Lockheed Martin breach, and has offered to replace millions of potentially compromised “SecurID” tokens after hackers used data stolen from its RSA security division. The Pentagon’s number one arms supplier and the government’s top information technology provider was attacked online last month, underscoring a growing threat to national US security.
The widely popular electronic tokens use a two-factor approach to authenticate the person trying to access a system. They also interfere with the effectiveness of common key-logging malware in capturing and compromising passwords by generating new passwords each time a system is accessed. The SecurID token generates a new string of digits every minute, that the user must enter along with a secret PIN, before they can access the network. If the user fails to enter the string before the timer expires, access is denied.
This will be an expensive fix for EMC. I await details on who to contact and how to get the new SecureID tokens.