RSA detailing SecurID hack to customers sworn to secrecy

RSA has started providing more detail into the mid-March attack on its SecurID token-based authentication system, but to get a fuller story you have to be an RSA customer willing to sign a nondisclosure agreement (NDA).

An NDA means that you agree to keep secret what RSA would be willing to tell you. Sources say RSA is reaching out to its largest customers, especially those in sensitive industries, to get IT executives to sign such NDAs.


However, some RSA customers say they aren't willing to do that.

"RSA was asking that I sign an NDA," says Ron Gula, CEO at Tenable Network , which uses SecurID tokens for authentication. "I'm suspicious. Why hide it?"

Gula said he doesn't want to feel his hands are tied by agreeing to an NDA, though he hopes in the end it's "all a non-issue" about something that RSA will speak about soon anyway. But it's making him uneasy and he's looking at using other authentication products.