There goes the census data,
For security purposes, will everyone please reset their password, change their name, birthdate, religion and gender,
Lockheed Martin has reportedly suspended remote access to email and corporate apps following the discovery of a network intrusion that may be linked to the high-profile breach against RSA earlier this year. The manufacturer of F-22 and F-35 fighter planes has reset passwords in response to a "major internal computer network …
Once again small businesses may fail trying to pick up the pieces of incidents like this but big business plays as the victim.
There are a million ways to secure networks in this age and these companies simply don't do it because it would be a bother since they employ contractors and outsource various business functions that require network access from all over the place to the extent they have no idea who will be accessing their networks.
We have too big to fail and too big to be held accountable for problems. Maybe they will get a small fine or perhaps they can fine the rest of us for keeping secure networks.
As soon as RSA got hacked, a straight up strong password became more secure, so Lockheed, being in possession of a great deal of classified info, should have immediately discarded their system and either implemented a new one, or turned off remote access. It's not like it's been several months since this was reported.
Security is far more important than convenience. The sooner everyone realizes this the better off we'll be.
RSA is circling the drain. As soon as everyone comes to terms with this and stops living in denial they'll realize that RSA = FAIL and had better do something, now, today, immediately.
If you don't you are a fool and you'd better expect your system to go down in flames just like Lockheed's.
New fobs won't help, RSA is hopelessly broken. Get something else. At least with passwords if one of them gets hacked, that's just one account, not all of them.
"There should be a file there containing the text "We are legion. Expect us."
Oh wait. This isn't Sony." ... Anonymous Coward Posted Friday 27th May 2011 15:37 GMT
Hi, AC, there are certainly a lot of you hiding behind that convenient moniker, but no matter, the comfort of crowds in a strange space place is perfectly understandable and it does assist one in remaining remarkably cowed and even paranoid, although one supposes ultra careful is a common excuse used to justify a virtual charade of a mind game.
However, in other Cyber Parallel Universes keep your peepers peeled for the advisory text ...... "Prepare yourselves for a New Virtual Narrative with Real SMART AIDMinistration." ...... which is a similar message but from sources more open to positive constructive engagement with primitive and/or primeval and/or primary forces ..... and Movers and Shakers that Create the Reality and Infrastructure of Future Existence.
* And who decides on who gets a whack of that pie, or is one expected to hack into the system and crack open the shell that then spills the beans on how everything works and how you can guarantee yourself and everyone else exactly what they need. Does an Anonymous Coward and computer generated name head up that money spinning operation for government wonks/works in order to guarantee it stays within a private circle of inadequate friends?
I can't help wondering why some want to hold Sony to a higher degree of scrutiny than a leading defense contractor. I note that even the article takes a conciliatory tone over the attack.
Good grief, this is a major defense contractor that works on highly classified projects, and yet their network was penetrated and will be down for a period of at least two weeks for remote access users all of whom now have to get new tokens. Should we not expect that if anyone can secure a network against attack it would be a leading defense contractor that is a clear target for foreign sponsored cyber attacks?
I can't help but wonder whether that Amazon cloud computing service was used to brute force some SecurID tokens in order to do an end run around all the usual PSN security and access things from the 'inside'.
That's pretty much what was being attempted at LM. Interesting. I'm thinking that anyone using SecurID wants to reissue tokens, or try something else.
Planning a campaign of action with fabulous goals is wholly dependent upon one having the all fields intelligence to achieve them, and that invariably requires the best of intelligence available. And whereas the following Information Operations revision may be intentional, it is hopelessly quarantined by that aforementioned caveat ...... http://cryptome.org/dodi/dodd-3600-01.pdf
Have you any idea just how good are such services, as are provided by leading lights in those virtual environments? And can you imagine who warrants and flies the Royal Standard for Blighty in such as are Real Intellectual Property Endeavours? Or is that a provision which has been right royally abdicated and would now be pathetically reliant upon a foreign agenda ...... which is a novel trojan program which has just feigned abdication for stealthy access to foreign agenda source codes for a catalogue of available systemic zeroday vulnerabilities.
Methinks they are a national treasure and will, until such times as may be appropriate, remain totally secret and perfectly unknown to all but a SMART few with a legitimate need to know, lest they suffer grave misfortune at knowing even just a little bit too much of what they do not need to know.
Knowledge is Power, but without ITs Control, can IT be Deadly Dangerous and Catastrophically Self Destructive.
http://www.rsa.com/node.aspx?id=1313
Yes...how could they make more of these. They don't keep that many on hand and there's just no time.....
They may possibly want to change one of the tag lines about what it will do for you....you decide which one.....
* Strong two-factor authentication in a highly secure software implementation
* Convenience with merging of RSA SecurID technology onto a user’s personal device and eliminating the need to carry another item
* Support for a wide range of computing platforms and devices
* Flexibility for authentication models and policies, with support for up to ten software tokens on one device