[LINK] A security question

Scott Howard scott at doc.net.au
Thu Dec 19 11:46:26 AEDT 2013


On Wed, Dec 18, 2013 at 3:23 PM, David Lochrin <dlochrin at d2.net.au> wrote:

> Westpac will also provide an RSA SecurID fob for authorisation of
> withdrawals over a certain user-defined amount, though I think I had to
> request one.  The RSA attack was over two years ago I believe and involved
> theft of the database which maps each fob serial-number to its seed, so any
> SecurID device manufactured since shortly afterwards should be reasonably
> safe.
>

What's more, the SecurID tokens have a maximum 3-year life, after which they
will disable themselves. The RSA hack was disclosed in March 2011, so one
could probably presume that all tokens produced since at least that time
are not affected.  If you do the math, you'll see that it's basically a
non-issue today.

(Even then, there have been zero reported cases of the compromised keys being
used for anything like Internet Banking).

  Scott
(Speaking 100% for myself, not my employer who may or may not be the
company that produces these keys!)


