Check out our brand new Local Poker Communities! Get updates and interact with poker players in your area.
Visit the United States Poker Community | Visit the California Poker Community | Read more about the Launch of P5s Local

RSA token security issues - important for those who have them.

Reply to Thread
  1. C_Bomb C_Bomb is offline

    Croydon
    Australia

    Posts: 755
    Joined: Jun 09

    Mar 20th, 2011 (3/20/2011 11:13pm)

    Apparently the parent company got hacked.

    More details in the links below. top is the story i read, second is the open letter from RSA

    http://www.theage.com.au/technology/...321-1c2i4.html

    http://www.rsa.com/node.aspx?id=3872
  2. wackyJaxon wackyJaxon is offline Admin X

    Vilnius
    Lithuania

    Posts: 12,260
    Joined: Apr 06

    Mar 20th, 2011 (3/20/2011 11:18pm) in reply to C_Bomb

    Wonder what PS plans to do about this. Quoted from the first article. Looks like we are "safe" if they do not have our serial numbers..

    To carry out a successful attack against a company, an attacker "would need to obtain its target device’s public serial number as well as one or more current output samples, at a known time, to determine the current state of the device’s 22-bit realtime clock," according to a blog post by security expert Steve Gibson. "From that point on, an attacker could reliably determine the device’s output at any time in the future."

    This quoted text makes me more nervous.

    He said that any company using RSA SecurID tokens "should consider them completely compromised" and should insist upon the immediate replacement of their tokens. RSA "may not want to do the responsible thing because it would be very expensive for them", he added.
    Edited By: wackyJaxon Mar 20th, 2011 at 11:19 PM
      1 
  3. wes_mc wes_mc is offline

    Raleigh, NC
    United States

    Posts: 2,026
    Joined: Dec 09

    Mar 20th, 2011 (3/20/2011 11:22pm) in reply to wackyJaxon

    This is very alarming for sure, but fortunately, the RSA information is not even close to sufficient information to hack into an RSA-protected stars account. (ie, need username, password, and full security code including the RSA numbers)
  4. FLUSHDUDE FLUSHDUDE is offline

    Cleveland, OH
    United States

    Posts: 503
    Joined: May 07

    Mar 21st, 2011 (3/21/2011 1:43am) in reply to wes_mc

    is this just stars or ftp also
     
  5. wes_mc wes_mc is offline

    Raleigh, NC
    United States

    Posts: 2,026
    Joined: Dec 09

    Mar 21st, 2011 (3/21/2011 1:46am) in reply to FLUSHDUDE

    FTP uses a different company's security token
  6. wackyJaxon wackyJaxon is offline Admin X

    Vilnius
    Lithuania

    Posts: 12,260
    Joined: Apr 06

    Mar 21st, 2011 (3/21/2011 1:51am) in reply to wes_mc

     
    Originally Posted by wes_mc View Post

    FTP uses a different company's security token

    I've wondered how secure their system is though, especially now in light of this. It looks like FTP and partypoker use the same system at least based on stuff on the back of both tokens. As you said before, this probably isn't an issue even if they did hack since they do not have the rest of our info, but if they are good enough to hack RSA, anything seems possible. Maybe I am just being paranoid.
      1 
  7. wes_mc wes_mc is offline

    Raleigh, NC
    United States

    Posts: 2,026
    Joined: Dec 09

    Mar 21st, 2011 (3/21/2011 1:59am) in reply to wackyJaxon

    You're definitely right; if someone had the will and ability to target one of the poker sites with the same level of sophistication with which they attacked RSA, they could probably do some significant damage. But personally I'm not going to worry about it and pretty much just hope it doesn't happen since I can't do anything to prevent it. If news surfaces of such an attack, then I'll take whatever steps I can to protect my money.
  8. bonflizubi bonflizubi is offline

    Cambridge, MA
    United States

    Posts: 4,519
    Joined: Sep 07

    Mar 21st, 2011 (3/21/2011 11:54pm) in reply to wes_mc

    MOD EDIT: Sorry all. even mods get confused. moved out of PSites to P community.. but it belongs in Psites...
     
Reply to Thread

Similar Threads