Skip to main content

RSA

RSA protests by DEF CON groups, Code Pink draw ire

posted onFebruary 27, 2014
by l33tdawg

The RSA security conference (where the world's security companies come to do business with each other), opened its doors this week in San Francisco to a wide range of protests by security professionals who would otherwise be attending and speaking at the conference.

The protests might be called "obnoxious," "pointless" and "first world outrage " -- but the protesters affiliated with hacker conference DEF CON, organization Code Pink, and sold-out opposition conference "TrustyCon" are getting everyone's attention this week.

How the NSA (may have) put a backdoor in RSA's cryptography: A technical primer

posted onJanuary 6, 2014
by l33tdawg

There has been a lot of news lately about nefarious-sounding backdoors being inserted into cryptographic standards and toolkits. One algorithm, a pseudo-random bit generator, Dual_EC_DRBG, was ratified by the National Institute of Standards and Technology (NIST) in 2007 and is attracting a lot of attention for having a potential backdoor. This is the algorithm that the NSA reportedly paid RSA $10 million in exchange for making it the default way for its BSAFE crypto toolkit to generated random numbers.

Noted speaker, Mikko Hypponen, cancels RSA talk in protest to NSA collaboration allegations

posted onDecember 24, 2013
by l33tdawg

In a letter to Joseph Tucci, and Art Coviello, F-Secure's Mikko Hypponen says he is canceling his talk at the 2014 RSA Conference, due to the company's deal with the NSA.

Mikko Hypponen, a widely known security expert and speaker, has given many presentations at the RSA Conference over the years. However, his talk scheduled for the 2014 RSA Conference in February, "Governments as Malware Authors" isn't going to happen.

Report on NSA 'secret' payments to RSA fuels encryption controversy

posted onDecember 23, 2013
by l33tdawg

The U.S. National Security Agency (NSA) paid US$10 million to vendor RSA in a "secret" deal to incorporate a deliberately flawed encryption algorithm into widely used security software, according to a Reuters report that is reigniting controversy about the government's involvement in setting security standards.

The contract was part of an NSA campaign to weaken encryption standards in order to aid the agency's surveillance programs, Reuters reported on Friday.

Deutsche Telekom and RSA partner to offer 'clean pipe' against hackers

posted onNovember 13, 2013
by l33tdawg

Deutsche Telekom said it would launch a secure internet service next year for smaller companies that find it hard to pay for defenses against sophisticated forms of cyber crime.

The firm presented the plan at a cyber security conference at its Bonn headquarters as a diplomatic row rages between the United States and Europe over spying accusations.

Poison Ivy, used in RSA SecurID attack, still popular

posted onAugust 23, 2013
by l33tdawg

A malicious software tool perhaps most famously used to hack RSA's SecurID infrastructure is still being used in targeted attacks, according to security vendor FireEye.

Poison Ivy is a remote access trojan (RAT) that was released eight years ago but is still favored by some hackers, FireEye wrote in a new report released Wednesday. It has a familiar Windows interface, is easy to use and can log keystrokes, steal files and passwords.

RSA president leaving to take cloud job at parent EMC

posted onJuly 29, 2013
by l33tdawg

RSA President Tom Heiser is transferring from the security company to its parent company EMC to focus on cloud computing initiatives, according to an internal communication sent from the company today.

The move marks the departure of a high-level executive from RSA and an increased focus by EMC on cloud computing initiatives.

How big data is transforming information security

posted onJune 26, 2013
by l33tdawg

In this video recorded at Hack In The Box 2013 Amsterdam, Eddie Schwartz, CSO at RSA, The Security Division of EMC, discusses the impact of big data on information security. He talks about security management, fraud, identity management, governance, risk and compliance.