Less than two months after publicly announcing that he was pulling out of the RSA Security Conference because RSA had accepted a $10 million contract from the NSA, F-Secure chief researcher Mikko Hypponen appeared somewhat mellowed. He alternated between criticizing RSA and offering an olive branch when speaking to reporters last week in San Francisco, where the conference was under way. “I’m happy not to carry an RSA badge around my neck this time around,” Hypponen said. However, he had some kind words as well.
Your "because RSA had accepted a US$10 million contract from the United States National Security Agency" is not a very accurate description of the issue. RSA appears to have deliberately used, as the default choice in their software, a pseudorandom number generator known to be insecure, under circumstances strongly suggesting that it was designed to make material encrypted using it vulnerable to the NSA. The combination of that with a ten million dollar payment from the NSA to RSA strongly suggests that RSA was paid to betray its customers, to encourage them to use software designed to let the NSA break its encryption.
F-Secure's Hypponen: RSA Lost Trust
Posted by: Richard Adhikari March 3, 2014 11:05 AM
For more details see:
http://www.wired.com/opinion/2013/12/what-we-really-lost-with-the-rsa-nsa-revelations/