Reuters: RSA Weakened Encryption For $10M From NSA
Lasrick writes "As a key part of a campaign to embed encryption software that it could crack into widely used computer products, the U.S. National Security Agency arranged a secret $10 million contract with RSA, one of the most influential firms in the computer security industry, Reuters has learned." Asks an anonymous reader: "If the NIST curves really are broken (as has been suggested for years), then most SSL connections might be too, amirite?"
I'm not a Windows fanboy or anything (Full disclosure: I use it on my media center and gaming PC, everything else is Mac (laptop and desktop), BSD (NAS box, FreeNAS and pfSense at my house) and Linux (my web hosting and ssh access to my house without exposing a PC with a bunch of data on it to the open Internet)). That said, other than blind allegiance to FOSS, there is little indication that, with regular updates and proper policies and procedures, later versions of Windows Server (2008, 2008 R2, 2012) are somehow defective by design or less secure than their OSS alternatives. Granted, we can't see the source code WHICH IS A MAJOR PROBLEM. However, I've used it plenty in the enterprise and it's just fine. In fact, our Linux boxes were targeted and successfully rooted (remote attacks) in my mixed-tenant datacenter more frequently than the Windows boxes, hands down. In fact I can't recall a single remote Windows attack post-2008. Lots and lots and lots of WordPress/Apache/LAMP etc. exploits, however.