Just a small reflection about the list of potential victims of the RSA attackers published by Brian Krebs a few days ago… I won’t come back to this attack; almost everything has been said on this topic.
Brian’s post reports a list of ASes (“Autonomous Systems”) which exchanged some traffic (is a “ping” considered traffic?) with the C&C centers used during the attack against RSA. As correctly reported in the post, it does NOT mean that all the listed companies were affected. Some of them may just have investigated security incidents (I saw a CERT in the list). Some ASes belong to very big Internet Service Providers which have plenty of customers routed through those ASes. BTW, I read the complete list and found that my company is connected to the Internet through one AS listed by Brian! 😉
So, if you’re listed, what will happen? Do you need to disconnect your infrastructure from the Internet and use your old RSA tokens for voodoo sessions? Definitely not! I’m just wondering how long it will take before v€ndor$ use this list as a reference for a new marketing campaign. This is another type of threat: don’t be fooled if you’re contacted by them…