I'm glad that article points out that the RSA reply is carefully crafted and avoids mentioning whether or not the $10 Million was taken or not. I see that a security researcher, Mikko Hypponen, has cancelled his talk at the upcoming RSA conference:

http://www.pcworld.com/article/2082900/security-researcher-cancels-talk-at-rsa-conference-in-protest.html

[quote]The researcher said he didn't expect EMC or the conference to suffer as a result of the alleged deals with the NSA. Nor did he expect other conference speakers to cancel. Most of the speakers at the conference are American so why would they care about surveillance that's not targeted at them but at non-Americans, Hypponen wrote. Surveillance operations by U.S. intelligence agencies are targeted at foreigners, he added.[/quote]

I applaud his action and agree that RSA likely won't suffer immediately, I do not share his certainty that Americans are not being targeted by this surveillance.

RSA can be seen lying here:

http://www.theregister.co.uk/2013/12/23/rsa_nsa_response/

How else would they handle this matter? "Yeah, we fucked up, and we're really sorry for being a shoddy piece of shit company." RSA, go fuck yourselves for the little bit of time that you are still around.

I owe Microsoft an apology here. Two of their researchers (Dan Shumow and Niels Ferguson) were sounding the alarm in 2007:

http://rump2007.cr.yp.to/15-shumow.pdf

Apparently they either were or were among the first.

You can get a pretty good idea of how all of this played out by reading a blog written by a Mr. Matthew Green:

http://blog.cryptographyengineering.com/2013/09/the-many-flaws-of-dualecdrbg.html

RSA is going to play the: "we didn't know" card, which they already are. Anything coming from RSA now is to never be trusted again. They are lying, and will continue to lie in attempts to not completely fold. Screw RSA.

[attachment=0]linus-eff-you-640x363.jpg[/attachment]

Those of you in the know probably realize that Microsoft and RSA have a good many ties. Just saying.

There are news stories floating around about how RSA took $10,000,000 dollars from the NSA to use the NSA's encryption software as the default method for number generation in it's BSafe software. Many of the articles describe RSA as one of the most influential firms in the computer security industry. Something tells me that's about to change.

As reporter Kevin Drum puts it:

[quote]Well, look. There are a very limited number of reasons that the NSA would be so eager for you to use their encryption software that they'd be willing to pay you $10 million to do it. Surely someone at RSA must have had some inkling of what was going on.[/quote]


http://www.motherjones.com/kevin-drum/2013/12/nsa-paid-security-company-adopt-weakened-encryption-standards