April, 2011

NSA Recommendations For RSA SecurID Users After Cyber Intrusion

On March 17, 2011, RSA announced that it had been the victim of a cyber intrusion, and as a result, information related to its SecurID product – a two-factor authentication device – had been compromised. According to RSA, the compromise does not lead to a direct attack on SecurID, but it does decrease its effectiveness.

In reaction to the RSA cyber intrusion, The National Security Agency (NSA) released Information Assurance Advisory No. IAA-003-2011: Recommended Actions for SecurID Users in Response to RSA Cyber Intrusion. This advisory expands on the information previously released by NSA via Information Assurance Alert No. IAR-001-2011: Mitigations for the RSA Cyber Intrusion, and provides additional guidance on:

· The use of SecurID hard tokens and soft tokens
· Fortifying the security profile of SecurID’s authentication factors
· Measures to harden SecurID’s Authentication Manager

Light Point Web 0.8 Complete

We have just wrapped up development and deployment of Light Point Web 0.8. We released 0.7 just over a month ago, so this release isn’t much different. However, our 0.7 beta did not go so well, so 0.8 is mainly just fixing the problems we found with 0.7.

How To Protect Yourself From The Epsilon Security Breach

Epsilon, one of the largest email marketing companies, was affected by a major security breach that resulted in the compromise of the email lists of some of its clients, including JPMorgan Chase, Capital One, TD Ameritrade, and Citi. The names of the companies impacted by the breach are slowly being released by Epsilon, and it is expected that the list will slowly grow over time. Only the names and email addresses of customers have been compromised in most cases. This means that the threat is relatively low for those of us that practice good security. However, there is still a threat. Here is what you may see if you are the customer of one of the affected brands, and what you can do to protect yourself.