RSA

The RSA security conference (where the world's security companies come to do business with each other), opened its doors this week in San Francisco to a wide range of protests by security professionals who would otherwise be attending and speaking at the conference.

The protests might be called "obnoxious," "pointless" and "first world outrage " -- but the protesters affiliated with hacker conference DEF CON, organization Code Pink, and sold-out opposition conference "TrustyCon" are getting everyone's attention this week.

There has been a lot of news lately about nefarious-sounding backdoors being inserted into cryptographic standards and toolkits. One algorithm, a pseudo-random bit generator, Dual_EC_DRBG, was ratified by the National Institute of Standards and Technology (NIST) in 2007 and is attracting a lot of attention for having a potential backdoor. This is the algorithm that the NSA reportedly paid RSA $10 million in exchange for making it the default way for its BSAFE crypto toolkit to generated random numbers.

In a letter to Joseph Tucci, and Art Coviello, F-Secure's Mikko Hypponen says he is canceling his talk at the 2014 RSA Conference, due to the company's deal with the NSA.

Mikko Hypponen, a widely known security expert and speaker, has given many presentations at the RSA Conference over the years. However, his talk scheduled for the 2014 RSA Conference in February, "Governments as Malware Authors" isn't going to happen.

EMC-owned RSA Security has denied reports that the company had entered into secret contracts with the NSA worth $10 million to use the flaws Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG) as the default pseudorandom number generator for the company's encryptions products.

The U.S. National Security Agency (NSA) paid US$10 million to vendor RSA in a "secret" deal to incorporate a deliberately flawed encryption algorithm into widely used security software, according to a Reuters report that is reigniting controversy about the government's involvement in setting security standards.

The contract was part of an NSA campaign to weaken encryption standards in order to aid the agency's surveillance programs, Reuters reported on Friday.

Deutsche Telekom said it would launch a secure internet service next year for smaller companies that find it hard to pay for defenses against sophisticated forms of cyber crime.

The firm presented the plan at a cyber security conference at its Bonn headquarters as a diplomatic row rages between the United States and Europe over spying accusations.

Officials from RSA Security are advising customers of the company's BSAFE toolkit and Data Protection Manager to stop using a crucial cryptography component in the products that was recently revealed to contain a backdoor engineered by the National Security Agency.

A malicious software tool perhaps most famously used to hack RSA's SecurID infrastructure is still being used in targeted attacks, according to security vendor FireEye.

Poison Ivy is a remote access trojan (RAT) that was released eight years ago but is still favored by some hackers, FireEye wrote in a new report released Wednesday. It has a familiar Windows interface, is easy to use and can log keystrokes, steal files and passwords.

RSA President Tom Heiser is transferring from the security company to its parent company EMC to focus on cloud computing initiatives, according to an internal communication sent from the company today.

The move marks the departure of a high-level executive from RSA and an increased focus by EMC on cloud computing initiatives.

In this video recorded at Hack In The Box 2013 Amsterdam, Eddie Schwartz, CSO at RSA, The Security Division of EMC, discusses the impact of big data on information security. He talks about security management, fraud, identity management, governance, risk and compliance.