[QUOTE=Christenson;270784]because anyone seriously concerned about security would have to wonder if RSA security meant anything at all.[/QUOTE]

Yes, this is probably the biggest revenue threat, and

[QUOTE=Christenson;270784]It probably cost more to drop it in FedEx to you than it did to make another one.[/QUOTE]

I agree the replacement cost is trivial. I was musing on the hit to recurring revenue, though, that happens because my SecureId is now good until 2017, while it replaced one that expires in 2013. So my client will not be ordering my next replacement until four years later.

[QUOTE=wblipp;270850]I agree the replacement cost is trivial. I was musing on the hit to recurring revenue, though, that happens because my SecureId is now good until 2017, while it replaced one that expires in 2013. So my client will not be ordering my next replacement until four years later.[/QUOTE]But you are still trusting the keys to your kingdom to that same company that let you down previously. How many staff work for that company? Do you know each of them personally? Can you say without any doubt that you trust each and every one of them to not ever deliberately, or unintentionally, leak the information again? Perhaps it is time to examine just what is really happening and where the trust should really be placed.

[QUOTE=retina;270851]But you are still trusting the keys to your kingdom to that same company that let you down previously.[/QUOTE]

It's not my kingdom and not my trust. I'm just support personnel for a software vendor to king. I have a SecureId in order to support our product on the king's network. My bet is the king will continue to trust RSA, and count it a boon that they don't have to replace SecureIds in 2013. Other, smarter kings will be looking for alternatives.

[QUOTE=retina;270851]But you are still trusting the keys to your kingdom to that same company that let you down previously. How many staff work for that company? Do you know each of them personally? Can you say without any doubt that you trust each and every one of them to not ever deliberately, or unintentionally, leak the information again? Perhaps it is time to examine just what is really happening and where the trust should really be placed.[/QUOTE]I.e, what's your threat model? That's by far the most important question first to ask and then to answer.

Once you've got an idea of that one, [b]then and only then[/b] you can make sensible investment decisions. Sometimes it's better not to take precautions. This is the self-insurance route.

FWIW, neither I nor any of my employers have ever used SecureID. It helps protect against threats we did not consider significant enough to warrant the expense of deployment. Note that "expense" is not only the monetary cost of the devices themselves.

Paul

[url]http://ca.news.yahoo.com/video/us-22424932/real-life-doogie-howser-26513804.html[/url]

this takes looking at the inside of a career to a weird place.

So you are more concerned about what insiders can do to your data, than outsiders?

I'd like to discuss the threat modelling a bit more....noting, of course, that unpublicised vulnerabilities are quite valuable in the market.

[url]http://www.cbc.ca/news/world/story/2011/09/07/russia-plane-crash.html[/url]

well this is another hit to the NHL teams who had players ( former or current) on the team.

[url]http://ca.finance.yahoo.com/news/IBM-Watson-supercomputer-capress-351094173.html[/url]

kinda cool, I won't spoil it for you.

[url]http://ca.news.yahoo.com/blogs/dailybrew/winter-officially-over-edmonton-last-city-snow-melts-194415380.html[/url]

sounds weird ( some even say it's falsified)

[url]http://ca.news.yahoo.com/fda-disputes-dr-oz-shows-suggestion-health-risk-155002088.html[/url]

[url]http://ca.news.yahoo.com/blogs/daily-buzz/man-train-one-most-bizarre-laughs-200311334.html[/url]