
Steve Gibson and Leo have been talking about this for weeks on the Security Now podcast. Interesting story if you'd like to listen. Amazing how a well-known security company kept its crown jewels within reach of general employees with Windows boxes. When are they gonna learn?


Not only that, they have employed a security-by-obscurity strategy:

RSA Security Chairman Art Coviello said that the reason RSA had not disclosed the full extent of the vulnerability was because doing so would have revealed to the hackers how to perform further attacks.


In their "defense", keeping it secret might have had more to do with saving their public image than with any belief that it was actually better security.


I don't think so. More along the lines of not disclosing all the companies who may have had their seed stored, as it would provide these intruders with a list of targets to attempt to phish their PINs.



