Friday 76

Who secures the securers?

Filed under: Computers, Security — Tags: — zundel @ pm

The antics of HBGary were just amateur farce and a revelation of unsurprising incompetence and bs.

This is serious.

**Updated** RSA Breached: SecurID Affected

Very serious security just took a very serious hit.

from Bob Huber in the comments:

APT…we are going to hear this over and over. Most organizations of any worth have probably been compromised by APT actors. […] Most people don’t know how to find it, most security tools don’t stop it, but eventually something will catch it, but it will likely take some time. Unfortunately lots of consultants and vendors are beginning to offer some type of APT solution. The fact is, one doesn’t exist. That’s the point of APT. Unless you know what you are looking for, and what their TTPs are, you don’t stand much of a chance. The days of buying tools or bringing on consultants to solve these types of problems are gone, if they were ever here. […] Yes, you actually have to look at your data, perform intrusion analysis, intelligence analysis…go figure. We can’t just buy a tool.

The takeaway: you must take responsibility for your own security. Even the best get hacked. Security must get audited by you and others: many eyes make the problem shallow. Obscurity is not security.

Reputation means nothing. Competence means nothing. Practice is everything.

RSA, so far, has provided a statement saying nothing.

Ars provides some explanation:
RSA says hack won’t allow “direct attack” on SecureID tokens

[apologies to Juvenal or whoever that was]

