Security Basics mailing list archives

Re: RSA Compromise

From: Benjamin Kenneally <drunken.monkey.security () gmail com>
Date: Thu, 07 Apr 2011 13:05:09 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

It seems to me it's analogous to hearing that there's been a robbery on
your block. You check and make sure the doors and windows are locked
before you go to bed. Do you have an alarm system? If so, do you
actually arm it?

Check and make sure your security policy is in place and being followed,
and keep an eye out for anything suspicious. That's all you need to do.

If the breach of another company results in you having to change the
security setup internal to your company, you might want to review your
dependence on outside companies for security. Do you have failovers in
place for when they fail? Are they your single security point?

Just my thoughts.

- -Benjamin

On 4/5/2011 10:38 AM, Juan Morales wrote:

I think it is hard to say at this point, given the fact that only
vague information has been released related to the breach.  While this
was certainly significant in terms of news, until a major attack or
breach directly related to the RSA compromise is reported, we might
not know.



On Apr 1, 2011, at 6:05 PM, "navin1406 () yahoo com" <navin1406 () yahoo com> wrote:

Hi Guys,

How serious does the RSA breach looks like and what proactive measures should we take to mitigate exposure if any?

Thanks,

Navin
Sent on my BlackBerry® from Vodafone


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, 
how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

- --
Disclosure: The information in this email is confidential. If its
contents are disclosed our lawyers will swoop down from helicopters and
smash through the skylight nearest you and drag you away with a black
bag over your head. They will then take you to our super secret
headquarters and make you fight to the death with other people whyo
shared this email. We will then watch said deathmatch and place bets on
the winner. You will be given a large buck knife and an unlimited supply
of methamphetamines. If the fight becomes boring or there is a
stalemate, rabid dogs will be released into the arena to liven things up
a bit. If the dogs become docile, we will squirt them with water bottles
until they become tempermental.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJNnfzNAAoJEGfcMJpS2mginc0H/3PcAtWYRQDKzDI61ZZeHi6T
sgQPmCoaXvBKicJPaNpPKxG2TWl0nfGu9UEyj7tCQGT7L+Dl7JLKIFCf9Lxluy8v
fmGs3B43mcnK0oEtqjttDPy5y+i2AWhiM1/E3bZymvoOjNYTMD5lNoHYuDMEP8el
CRAYCRe2pv4pS/fGNdvFS+pSKFSYI/Q7qoxk3tx0Ect+s3TxTVz3j6M/1PMbQuJY
c5bzMRAXy8igDFigEF8Es36dLqeJu+HgxX5pI9N/Rhln0IiF4s3Q6PV2xIeRaFZA
jetY94JMDClPCNBMCv9QI6uQkbOb3UCoMIHYkmZ11T8OYnhpHwWfO91wluc0xQo=
=55MX
-----END PGP SIGNATURE-----

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase,
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

Current thread:

RSA Compromise navin1406 (Apr 01)
- RE: RSA Compromise Valin, Christian (Apr 05)
- Re: RSA Compromise Ivan . (Apr 05)
- Re: RSA Compromise Spacerat (Apr 05)
- RE: RSA Compromise Chris Weber (Apr 05)
  - Re: RSA Compromise navin1406 (Apr 05)
- Re: RSA Compromise techfrancis (Apr 05)
- RE: RSA Compromise faruk (Apr 05)
- Re: RSA Compromise Juan Morales (Apr 07)
  - Re: RSA Compromise Benjamin Kenneally (Apr 07)
- Re: RSA Compromise amolarakh (Apr 07)