RSA: This is Really Bad

According to the NYTimes, the company responsible for providing a very significant percentage of government and corporate security in the United States has been hacked (the RSA Security division of the EMC Corporation).  OMFG; are they for real?

A few questions come to mind:  When does RSA plan to clarify how bad this really is?  What are they doing to fix it?  What are they advising their corporate and governmental customers?  Was this not kind of foreseeable? (Hint: Um, yes it was).  And perhaps the most burning question of all: when is this country going to get serious about cybersecurity?  I mean, what will it take?

Here are a few choice quotes from the NYT article:

“In recent years a number of United States companies and government agencies have been the victim of this type of attack, in which an intruder either exploits an unknown software vulnerability or in some way compromises the trust of an employee to take command of a computer or an entire network within a company.”  Translation: We should have seen this coming.

“RSA … posted an urgent message on its Web site on Thursday referring to an open letter from its chairman, Art Coviello. The letter acknowledged that the company had suffered from an intrusion Mr. Coviello described as an “advanced persistent threat.””  Translation: It wasn’t our fault because they were advanced.

“He did not give precise details about the nature of the information, but said it could potentially reduce the effectiveness of system in the face of a “broader attack.””  Translation: I cannot give you precise details because (1) I don’t have any idea what has really gone on here and (2) even if I did I wouldn’t fess up because I am afraid of shareholder lawsuits.

“The company said that there was currently no indication that the information had been used to attack its customers.”  Translation: There is also no indication that it hasn’t either.  In fact, there is no indication that anybody knows what the hell is going on.

““We took a variety of aggressive measures against the threat to protect our business and our customers, including further hardening of our I.T. infrastructure,” Mr. Coviello said. “We also immediately began an extensive investigation of the attack and are working closely with the appropriate authorities.””  Translation: Now that we are reminded of this issue by the horse escaping, we have undertaken to fix the fence.  And we hardly delayed at all before getting law enforcement involved and making this embarrassing mess into a public spectacle.

“The company submitted a filing to the Securities and Exchange Commission in which it stated that it did not expect the theft to have a financial impact.”  Translation: We don’t think this will be a biggie to clean up, or that it will reduce demand for our now-compromised line of products, because no one in this country seems to take cyber security all that seriously.
