Tuesday, June 26, 2012

More things to worry about

RSA SecurID 800 tokens appear to be compromised along with other brands. This month has been crazy on the security exploit and malware side of the house. There has been a rash of new and very interesting exploits and some pretty fun new malware. Earlier this month we also saw the boat get rocked, per say, when we learned of an exploit for hypervisors. Now a hypervisor attack has always been the holy grail of theoretical attacks right behind hard tokens, but before this month it was just that, theoretical. If the hypervisor attack proves to be true and left un-patched, this could nullify a lot of cloud deployments. (reference)

And it even gets more scary. Today, once again, we get to worry, really worry. The objects we have come to rely on for real secure authentication, hard tokens, are proving to be vulnerable in under 9 minutes of hacking.  Today we learn that the RSA SecurID 800 along with a few other brands of tokens have been exploited. (research paper)