Ask the Directory Services Team

Microsoft's official Enterprise Platform Support DS blog

Translate this pageMicrosoft® Translator

Disclaimer: All postings are provided "AS IS" with no warranties, and confer no rights. This weblog does not represent the thoughts, intentions, plans or strategies of Microsoft. Because a weblog is intended to provide a semi-permanent point-in-time snapshot, you should not consider out of date posts to reflect current thoughts and opinions.

Ned here. If you are using RSA SecurID, you’re probably aware they were compromised several months ago. You may also have heard that since then, hackers have been using that stolen info to attack or compromise various organizations. What you may not know is RSA is now issuing replacement tokens for their customers. The catch is you need to contact them; they are not necessarily going to contact you. More info from their executive chairman here:

http://www.rsa.com/node.aspx?id=3891

U.S.:
1-800-782-4362, Option #5 for RSA, Option #1 for the RSA SecurID Remediation Program

Canada:
1-800-543-4782, Option #5 for RSA, Option #1 for the RSA SecurID Remediation Program

International:
+1-508-497-7901, Option #5 for RSA, Option #1 for RSA SecurID Remediation Program

None of this is directly AD or Microsoft-related, but I’d be remiss if I didn’t spread the word – RSA has a large customer base. That said, if you’re interested in alternatives, here’s some reading on understanding and deploying two-factor smartcard authentication:

The Secure Access Using Smart Cards Planning Guide (Windows 7, Windows Server 2008 R2)
Windows Smart Card Technical Reference (Windows 7, Windows Server 2008 R2)
Planning a Smart Card Deployment (Windows XP, Windows Server 2003)
Smart Cards (Windows XP, Windows Server 2003)
Forefront Identity Manager 2010 and smart cards (all OS)

Ned “fobbing any questions off on Jonathan” Pyle

Thanks for the heads up. We use RSA on our infrastructure servers and this is the first I've heard about this!

We got an email back in March from RSA saying something like: "We (RSA/EMC) have been hacked. Ensure you have a strong PIN- and lockout policy, but don't worry. YOU are safe. PS! give us a call".

We never got any info from EMC that there has been successful attacks and that they now where issuing replacement tokens until you said it :o

"...None of this is directly AD or Microsoft-related.." but you do have templates/support to use RSA fobs in conjunction with ISA/UAG so you are justified to spread the word :)

Double-yikes. Hopefully the word spreads - this little site is only popular in TechNet terms, not WordPress or Blogger terms. :-D

Ask the Directory Services Team

Do not skip the latest B8 boot post

Dynamic Access Control intro on Windows Server blog

Friday Mail Sack: Mothers day pfffft… when is son’s day?

New Slow Logon, Slow Boot Troubleshooting Content

Friday Mail Sack: Drop the dope, hippy! edition

Performance

Networking

Small Business Server

AskCore

CPR / Escalation Services

LATAM [Portugese & Spanish]

Aktives Verzeichnis (Germany DS Support)

Platformas (Spanish)

jpntsblog (Japanese)

Manageability (Configuration Mgr)

Manageability (MDM)

Manageability (Ops Mgr)

Manageability (SCVMM)

Manageability (Softgrid)

Manageability (SUS)

Windows Essential Business Server

Ask PFE

File Cabinet

Windows Server Division

Server Core (WS2008)

Group Policy

USMT

Terminal Services Team Blog

Jose Barreto's Blog

Eric Fitzgerald's Blog

Hey, Scripting Guy! Blog

AD Troubleshooting

AskPFE

Ashley McGlone's Blog (PowerShell)

Our positions

RSA SecurID Do Over

RSA SecurID Do Over