Slashdot Mirror


Reuters: RSA Weakened Encryption For $10M From NSA

Lasrick writes "As a key part of a campaign to embed encryption software that it could crack into widely used computer products, the U.S. National Security Agency arranged a secret $10 million contract with RSA, one of the most influential firms in the computer security industry, Reuters has learned." Asks an anonymous reader: "If the NIST curves really are broken (as has been suggested for years), then most SSL connections might be too, amirite?"

2 of 464 comments

  1. Re:That's a tiny number by Anonymous Coward · Score: 0, Flamebait

    Considering that this kind of revelation could cause a massive exodus of all RSA's non-US (and many US) customers, that's a surprisingly low number.

    A massive exodus to where exactly?

    When an organization like the RSA can be bought, what in the hell makes you think the rest aren't too, regardless of country?

    I'm going back to using Cub Scouts with semaphore flags for messages, myself. If you can't trust a Cub Scout, who can you trust?

    Apparently that is even in question if said Cub/Eagle Scout happens to be gay.

  2. Re:NSA security policies by itsphilip · Score: 1, Flamebait

    I'm not a Windows fanboy or anything (Full disclosure: I use it on my media center and gaming PC, everything else is Mac (laptop and desktop), BSD (NAS box, FreeNAS and pfSense at my house) and Linux (my web hosting and SSH access to my house without exposing a PC with a bunch of data on it to the open Internet)). That said, other than blind allegiance to FOSS, there is little indication that, with regular updates and proper policies and procedures, later versions of Windows Server (2008, 2008 R2, 2012) are somehow defective by design or less secure than their OSS alternatives. Granted, we can't see the source code WHICH IS A MAJOR PROBLEM. However, I've used it plenty in the enterprise and it's just fine. In fact, our Linux boxes were targeted and successfully rooted (remote attacks) in my mixed-tenant datacenter more frequently than the Windows boxes, hands down. In fact I can't recall a single remote Windows attack post-2008. Lots and lots and lots of WordPress/Apache/LAMP etc. exploits however.