blog post with some more details of the "Advanced Persistent Threat" attack that involved the theft of information related to SecurID. RSA should be praised for this, as I, like many others, had been disappointed with them for less-than-responsible disclosure. Although this post does not provide details of what was stolen (maybe they don't know?) that would enable smaller organizations and individuals without direct contact with RSA to perform a risk assessment, it does at least provide opportunities for lessons learnt. It also raises questions about why a security company did not have appropriate controls to mitigate these risks.
Written by Rakkhi Samarasekera