Mar 21 2011
This group of pieces on the recent RSA breach is only the tip of the iceberg, but most of what you’ll read on the story is purely suppositional. In other words, a lot of educated people are playing a game of “let’s pretend” and blogging about it. No one who’s writing knows much about the details; almost everything that’s out so far is guesswork about what might have happened to RSA. And while there’s some value to running through possible scenarios, it’s probably not worth the screen time the story has been getting until we know something concrete.
So here are three stories on the RSA APT. The first is just the initial facts as they were known late last week, in a story from the Boston Herald. The second is an analytical brief from NSS Labs, included as an example of some of the conjecture people are making based on what is known. NSS Labs is known for having some good folks, and this report is far from the most outrageous speculation that’s been made so far, but it’s also going to require a lot more information before we can really make a claim like “a string of breaches stemming from this event.” Dave Shackleford does a very good job of dissecting just how little we know so far in this story and why the ‘A’ in APT is a misnomer.
And finally, a story that may or may not have anything to do with what’s happening to RSA: Google is accusing China of messing with their stuff. It’s kind of hard to trust your servers when you’re sending them to another country that has no compunctions about using any means necessary to ‘protect their citizens’.
Update: And moments after I posted this, @N0b0d4 posted a very good post by Steve Gibson dissecting the potential risks of this compromise for people using RSA SecurID tokens. I’m not usually one of Steve’s biggest fans, but he’s taken apart the issues pretty well this time.