RSA Hack and lessons learned

Jul. 15th, 2021 08:27 am
[personal profile] ionelv

In May, Wired published a story about the RSA hack. Reddit covered it. One part stood out for me: how the supposedly air-gapped seed server was not only not air-gapped at all, but it was set up incorrectly allowing incoming connections (instead of much more secure outgoing connections only):


[O]ne server on RSA’s internet-connected network was linked, through a firewall that allowed no other connections, to the seed warehouse on the manufacturing side. Every 15 minutes, that server would pull off a certain number of seeds so that they could be encrypted, written to a CD, and given to SecurID customers.

It baffles me, that RSA thought that was good network security back then, or that they were watching the hacking in real time, instead of shutting the whole thing down right away.

  • Add Memory
  • Share This Entry

Profile

JMA-PSOS

February 2026

S M T W T F S
12 3456 7
89101112 13 14
15 16 17181920 21
22232425262728

Most Popular Tags

Style Credit

Expand Cut Tags

No cut tags
Page generated Feb. 24th, 2026 04:57 am
Powered by Dreamwidth Studios