RSA SecurID
RSA SecurID曾用名SecurID ,是RSA 安全开发的一种多重要素验证工具,由安全令牌、钥匙圈等硬件组成。[1]2011年3月17日,RSA表示他们受到了网络攻击,当时有人向RSA的员工发送了网络钓鱼电子邮件,[2]而电子邮件的附件是一个包含恶意软件的Microsoft Excel文件。当RSA 员工打开 Excel 文件时,黑客就利用了Adobe Flash中的漏洞并通过远程桌面软件控制了RSA网络中的机器并且访问了服务器, [3]而且SecurID的数据也遭到泄露。 [4]
RSA SecurID | |
---|---|
网站 | https://www.rsa.com/en-us/products/rsa-securid-suite |
参考文献
编辑- ^ TOTP: Time-based One-time Password Algorithm. [2022-05-23]. (原始内容存档于2012-11-25).
- ^ Rivner, Uri. Anatomy of an Attack. Speaking of Security - The RSA Blog and Podcast. 1 April 2011. (原始内容存档于20 July 2011).
- ^ Mills, Elinor. Attack on RSA used zero-day Flash exploit in Excel. CNET. 5 April 2011. (原始内容存档于17 July 2011).
- ^ Open Letter to RSA Customers. [2022-05-23]. (原始内容存档于2022-05-23). Originally online at RSA site (页面存档备份,存于互联网档案馆).
外部链接
编辑维基共享资源上的相关多媒体资源:RSA SecurID
- Technical details
- Sample SecurID Token Emulator with token Secret Import (页面存档备份,存于互联网档案馆) I.C.Wiener, Bugtraq post.
- Apparent Weaknesses in the Security Dynamics Client/Server Protocol (页面存档备份,存于互联网档案馆) Adam Shostack, 1996.
- Usenet thread discussing new SecurID details (页面存档备份,存于互联网档案馆) Vin McLellan, et al., comp.security.misc.
- Unofficial SecurID information and some reverse-engineering attempts (页面存档备份,存于互联网档案馆) Yahoo Groups securid-users.
- Analysis of possible risks from 2011 compromise
- Published attacks against the SecurID hash function
- Cryptanalysis of the Alleged SecurID Hash Function (页面存档备份,存于互联网档案馆) (PDF) Alex Biryukov, Joseph Lano, and Bart Preneel.
- Improved Cryptanalysis of SecurID (页面存档备份,存于互联网档案馆) (PDF) Scott Contini and Yiqun Lisa Yin.
- Fast Software-Based Attacks on SecurID (页面存档备份,存于互联网档案馆) (PDF) Scott Contini and Yiqun Lisa Yin.