A researcher has devised a method that attackers with control over a victim's computer can use to clone the secret software token that RSA's SecurID uses to generate one-time passwords. The technique, described on Thursday by a senior security analyst at a firm called SensePost, has important implications for the safekeeping of the tokens. An estimated 40 million people use various SecurID tokens
![RSA SecurID software token cloning: a new how-to](https://cdn-ak-scissors.b.st-hatena.com/image/square/7f2a2d92affd5e1d4bbbc175592b6fc5678ba71b/height=288;version=1;width=512/https%3A%2F%2Fcdn.arstechnica.net%2Fwp-content%2Fuploads%2F2012%2F05%2Frsa-token_clone-620x215.png)