Posted by: NetLib on Thursday, July 14, 2011
Originally published at: New York Times
Copyright: 2011 New York Times

SecurID Company Suffers a Breach of Data Security

SAN FRANCISCO — The RSA Security division of the EMC Corporation said Thursday that it had suffered a sophisticated data breach, potentially compromising computer security products widely used by corporations and governments.

The company, which pioneered an advanced cryptographic system during the 1980s, sells products that offer stronger computer security than simple password protection. Known as multifactor authentication, the technology is typically based on an electronic token carried by a user that repeatedly generates a time-based number that must be appended to a password when a user logs in to a computer system.

RSA, which is based in Bedford, Mass., posted an urgent message on its Web site on Thursday referring to an open letter from its chairman, Art Coviello. The letter acknowledged that the company had suffered from an intrusion Mr. Coviello described as an “advanced persistent threat.”

In recent years a number of United States companies and government agencies have been the victim of this type of attack, in which an intruder either exploits an unknown software vulnerability or in some way compromises the trust of an employee to take command of a computer or an entire network within a company.

In 2009, for example, Google fell victim to an attack that it said had originated in China, and it ended commercial operations in the country in response.

... read the full article at the link above ...