On Wed, Dec 18, 2013 at 3:23 PM, David Lochrin <[email protected]> wrote:
> Westpac will also provide an RSA SecurID fob for authorisation of > withdrawals over a certain user-defined amount, though I think I had to > request one. The RSA attack was over two years ago I believe and involved > theft of the database which maps each fob serial-number to its seed, so any > SecurID device manufactured since shortly afterwards should be reasonably > safe. > Whats more, the SecurID tokens have a maximum 3 year life, after which they will disable themselves. The RSA hack was disclosed in March 2011, so one could probably presume that all tokens produces since at least that time are not affected. If you do the math, you'll see that it's basically a non-issue today. (Even then, there's been zero reported cases of the compromised keys being used for anything like Internet Banking). Scott (Speaking 100% for myself, not my employer who may or may not be the company that produces these keys!) _______________________________________________ Link mailing list [email protected] http://mailman.anu.edu.au/mailman/listinfo/link
