The RSA security conference (where the world's security companies come to do business with each other) opened its doors this week in San Francisco to a wide range of protests by security professionals who would otherwise be attending and speaking at the conference.
The protests might be called "obnoxious," "pointless" and "first world outrage" -- but the protesters affiliated with hacker conference DEF CON, organization Code Pink, and sold-out opposition conference "TrustyCon" are getting everyone's attention this week.
There has been a lot of news lately about nefarious-sounding backdoors being inserted into cryptographic standards and toolkits. One algorithm, a pseudo-random bit generator, Dual_EC_DRBG, was ratified by the National Institute of Standards and Technology (NIST) in 2007 and is attracting a lot of attention for having a potential backdoor. This is the algorithm that the NSA reportedly paid RSA $10 million in exchange for making it the default way for its BSAFE crypto toolkit to generate random numbers.
In a letter to Joseph Tucci and Art Coviello, F-Secure's Mikko Hypponen says he is canceling his talk at the 2014 RSA Conference, due to the company's deal with the NSA.
Mikko Hypponen, a widely known security expert and speaker, has given many presentations at the RSA Conference over the years. However, his talk scheduled for the 2014 RSA Conference in February, "Governments as Malware Authors," isn't going to happen.
EMC-owned RSA Security has denied reports that the company had entered into secret contracts with the NSA worth $10 million to use the flawed Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG) as the default pseudorandom number generator for the company's encryption products.
The U.S. National Security Agency (NSA) paid US$10 million to vendor RSA in a "secret" deal to incorporate a deliberately flawed encryption algorithm into widely used security software, according to a Reuters report that is reigniting controversy about the government's involvement in setting security standards.
The contract was part of an NSA campaign to weaken encryption standards in order to aid the agency's surveillance programs, Reuters reported on Friday.