Reuters: RSA Weakened Encryption For $10M From NSA
Lasrick writes "As a key part of a campaign to embed encryption software that it could crack into widely used computer products, the U.S. National Security Agency arranged a secret $10 million contract with RSA, one of the most influential firms in the computer security industry, Reuters has learned." Asks an anonymous reader: "If the NIST curves really are broken (as has been suggested for years), then most SSL connections might be too, amirite?"
Considering that this kind of revelation could cause a massive exodus of all RSA's non-US (and many US) customers, that's a surprisingly low number.
A massive exodus to where exactly?
When an organization like the RSA can be bought, what in the hell makes you think the rest aren't too, regardless of country?
I'm going back to using Cub Scouts with semaphore flags for messages, myself. If you can't trust a Cub Scout, who can you trust?
Apparently that is even in question if said Cub/Eagle Scout happens to be gay.
Actually, Snowden is the one who damaged the economy. Everyone was fat, dumb, and happy prior to his leaks. He decided that being a whistle-blower on illegal activities wasn't good enough and released every fucking piece of information he ever got his hands on. It was unbelievably irresponsible. The ends don't justify the means but they do to Snowden.
As for "SEVERELY DAMAGING OUR ECONOMY", that remains to be seen.
Are agnostics skeptical of unicorns too?
Um...no. He released EVERY FUCKING PIECE of information he had. The fact that he gave it to news outlets doesn't make it ok. I don't pay the fucking news outlets to guard my country's secrets. In fact, I would have to assume that some foreign governments have already retrieved the entire treasure trove of information because news outlets aren't experts on data security. Given the leaks, the NSA doesn't appear to be either but let's not add insult to injury.
I'm not a Windows fanboy or anything (Full disclosure: I use it on my media center and gaming PC, everything else is Mac (laptop and desktop), BSD (NAS box, FreeNAS and pfSense at my house) and Linux (my web hosting and ssh access to my house without exposing a PC with a bunch of data on it to the open Internet)). That said, other than blind allegiance to FOSS, there is little indication that with regular updates and proper policies and procedures that later versions of Windows Server (2008, 2008 R2, 2012) are somehow defective by design or less secure than their OSS alternatives. Granted, we can't see the source code WHICH IS A MAJOR PROBLEM. However, I've used it plenty in the enterprise and it's just fine. In fact, our Linux boxes were targeted and successfully rooted (remote attacks) in my mixed-tenant datacenter more frequently than the Windows boxes, hands down. In fact I can't recall a single remote Windows attack post-2008. Lots and lots and lots of WordPress/Apache/LAMP etc. exploits however.