Print 27 comment(s) - last by Perry Tanko.. on Jan 19 at 4:47 PM

NSA entered into a $10 million contract with RSA to place a flawed formula within encryption software

Security industry leader RSA was caught working with the U.S. National Security Agency (NSA), and now it's seeing some backlash from former allies. 
According to a new report from CNET, some leaders in the computer security world who were scheduled to speak at the RSA Conference next month have backed out due to recent discoveries about the RSA's connections with the NSA.
The report said Mikko Hypponen, chief technology officer of F-Secure; Josh Thomas, the Chief Breaking Officer at security firm Atredis, and Jeffrey Carr, another security industry veteran who analyzes espionage and cyber warfare methods, have all canceled their presentations at the RSA Conference.
Carr and Hypponen have taken it a step further by boycotting the conference. Hypponen said "nationality" was the reason for his cancellation while Carr said the RSA had violated its customers' trust. 
"I don't want to send mixed messages, so I have canceled all my appearances at RSA 2014," said Hypponen.
Once Carr announced his boycott, others followed, including Marcia Hoffman, privacy attorney and former Electronic Frontier Foundation lawyer; Alex Fowler, Mozilla privacy and public policy expert; Christopher Soghoian, American Civil Liberties Union advocate and privacy expert; Adam Langley, Google security expert, and Chris Palmer, Google Chrome security engineer. 
The RSA Conference is scheduled for next month in San Francisco.

Jeffrey Carr [SOURCE:]

According to documents leaked by former NSA contractor Edward Snowden, the NSA entered into a $10 million contract with RSA to place a flawed formula within encryption software (which is widely used in personal computers and other products) to obtain "back door" access to data. The RSA software that contained the flawed formula was called Bsafe, which was meant to increase security in computers. The formula was an algorithm called Dual Elliptic Curve, and it was created within the NSA. RSA started using it in 2004 even before the National Institutes of Standards and Technology (NIST) approved it. 
RSA said it had no idea that the algorithm was flawed, or that it gave the NSA back door access to countless computers and devices. The NSA reportedly sold the algorithm as an enhancement to security without letting the RSA in on its real intentions. 
"Recent press coverage has asserted that RSA entered into a 'secret contract' with the NSA to incorporate a known flawed random number generator into its BSAFE encryption libraries.  We categorically deny this allegation," said RSA in a blog post.
Many in the security community were surprised at RSA's entanglement with the NSA, but the latest news of a $10 million contract as well has really shocked the industry.
RSA is known as a pioneer in the realm of computer security, and has notoriously fought off the NSA in previous attempts at breaking encryption in the 1990s. 
"I can't imagine a worse action, short of a company's CEO getting involved in child porn," said Carr. "I don't know what worse action a security company could take than to sell a product to a customer with a backdoor in it.”

Source: CNET

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

RE: Real Believable
By Reclaimer77 on 1/9/2014 7:59:59 PM , Rating: -1
Those wifi networks were unsecured. 'Nuff said. The reality is that publicly-available wireless networks fall into a legal gray area that isn't defined very well. Google didn't "steal" anything, or even violate any expectation of privacy per se. All Google did was intercept airwaves that were trespassing in its vehicles.

When you say it was "illegal", the only place this has been ruled illegal was in Germany. I don't live in Germany, so frankly I don't care. And if I did, I would tell my idiot German countrymen to secure their routers!

RE: Real Believable
By GulWestfale on 1/10/2014 7:47:33 AM , Rating: 1
so the german government is bad for trying to protect its citizens, which is its job, as a government??

RE: Real Believable
By Reclaimer77 on 1/10/2014 9:07:26 AM , Rating: 2
What? I think you're getting way off the point here dude. I never said that, that's not even the issue.

RE: Real Believable
By ven1ger on 1/13/2014 3:02:22 PM , Rating: 2
The German government should have mandated that vendors/manufacturers who sell commercial routers to have them secured from initial setup. Did Google do anything with this illegal data that was being collected from unsecured routers? Did Google steal any of the bandwidth off these unsecured devices, or mine the data off of them? But, it's okay for the actual thieves that steal your info or utilize the bandwidth off these devices.

It's kind of stupid to broadcast yourself to the neighbor and not expect someone will be listening. If the German gov't really wanted to protect people's privacy, then they should penalize the companies that sell these routers unsecured, but then again, maybe the German gov't wants to be able to spy on their citizens.

“We do believe we have a moral responsibility to keep porn off the iPhone.” -- Steve Jobs

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki