Slashdot Mirror

← Back to Stories (view on slashdot.org)

Reuters: RSA Weakened Encryption For $10M From NSA

Posted by timothy on from the 30-pieces-of-silver-seemed-too-derivative dept.

Lasrick writes "As a key part of a campaign to embed encryption software that it could crack into widely used computer products, the U.S. National Security Agency arranged a secret $10 million contract with RSA, one of the most influential firms in the computer security industry, Reuters has learned." Asks an anonymous reader: "If the NIST curves really are broken (as has been suggested for years), then most SSL connections might be too, amirite?"

14 of 464 comments (clear)

  1. RSA sold you out by Anonymous Coward · · Score: 5, Insightful

    The NSA sold its own customers out to the US government for the price of an NYC apartment.

  2. That's a tiny number by bob_super · · Score: 5, Insightful

    Considering that this kind of revelations could cause massive exodus of all RSA's non-US (and many US) customers, that's a surprisingly low number.

    1. Re:That's a tiny number by Anonymous Coward · · Score: 5, Insightful

      Considering that this kind of revelations could cause massive exodus of all RSA's non-US (and many US) customers, that's a surprisingly low number.

      A massive exodus to where exactly?

      When an organization like the RSA can be bought, what in the hell makes you think the rest aren't too, regardless of country.

    2. Re:That's a tiny number by gmuslera · · Score: 5, Insightful

      Companies/organizations from other countries aren't forced by law to both do it, and not tell that they did it. Even if you includes countries like UK, Sweden, South Korea and a few others as compromised, there is plenty of room for independent development. And, of course, open source solutions indepently reviewed. But the point is, if you want security, don't buy anything from US companies. Weakening crypto means that not only NSA can access it.

    3. Re:That's a tiny number by TheGratefulNet · · Score: 5, Insightful

      if you want security, don't buy anything from US companies

      I'm both sad and PISSED OFF that the nsa has fucked america in such a way.

      this has clearly hurt (and will continue to hurt) our economy.

      isn't the current theme "its the economy, stupid!" ?

      if so, then we really should make the nsa pay for this loss of stature in the world, loss of trust and loss of business.

      dare I say it, its border-line treason. there should be mass jailings for all who had anything to do with SEVERLY DAMAGING OUR ECONOMY in this way.

      --

      --
      "It is now safe to switch off your computer."
    4. Re:That's a tiny number by manquer · · Score: 5, Insightful

      what makes you think that foreign Governments didn't have already access to the information?,

      if Snowden could get access so easily to so much without getting noticed, what makes you think any state couldn't have just easily bribed any other sysadmin and kept getting the same info?

      You should really question the NSA security policies, for an organization which infiltrates networks regularly to have such poor security is appalling.

      Surprisingly that doesn't seem to come up in this whole dialog about Snowden leaks. Everyone seems to think NSA is some all knowing efficient organization, the perfect big brother.

      To me it seems they are woefully incompetent in even keeping basic access control policies in place.

      Before anyone starts explaining about how it is difficult not to give root access to sys admins etc, it is not exactly rocket science to have peer reviewed access control polices even for sys admins, and alert systems in place depending on the amount of data being accessed over a period of time etc. if I think of 5 different measures of the cuff, I am sure any serious security consultant worth his fees should be able to do much much better.

      I cannot stress this enough if a company losses data like this as happening fairly frequently these days, while worrying, I can on some level understand that it is not their core business, and perhaps they didn't spend enough on security and missed a step or two, but for an organization whose main objective is to do break into networks, this is plain stupid.

  3. "We have established what you are, madam. ..." by bill_mcgonigle · · Score: 5, Insightful

    "... We are now merely haggling over the price."

    Oh, no, wait, it's $10M.

    (apologies to George Bernard Shaw)

    P.S. - AC, yes, if you used an RSA CA appliance with the default Dual EC DRBG PRNG configuration, your private key is probably easy to break and your traffic easy to intercept/decrypt if you're not using perfect forward secrecy (assuming that's not on an RSA appliance).

    --
    My God, it's Full of Source!
    OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
  4. Not a surprise, but still... by surfdaddy · · Score: 5, Insightful

    I mean, what the FUCK? The land of freedom and liberty. That's what I was always taught. We have a Constitution, which includes protections against unreasonable search. And now my FUCKING GOVERNMENT is doing pretty much anything you can conceive of in the name of spying on everybody including the people of the United States. They are so FUCKING PARANOID that EVERYTHING is on the table, including the privacy and liberty of the citizens. I lower my head in FUCKING SHAME as to what has become of this country.

    1. Re:Not a surprise, but still... by Mr.+Shotgun · · Score: 5, Insightful

      The NSA is doing everything it can to save your ass.

      No, fuck you. You do not save this country by pissing on the document that created it. Violating the trust and privacy of the citizens is not the way to save them. This country was made great by holding to the standards of freedom and justice, although there were missteps along the way. But we tried to hold firm to that which made us great.

      But lately it has been acting like a scared child jumping at shadows in the kitchen. They have been selling everyone out and violating every protection in the constitution. All for NOTHING. There is no boogy man in the closet, no monster under the bed. The greatest enemy this country faces right now is this "War on terror", because it is destroying us faster and more thoroughly than anyone else could ever hope to do. And apologists like you are helping them right along.

      --
      Of all tyrannies, a tyranny sincerely exercised for the (supposed) good of its victims may be the most oppressive
    2. Re:Not a surprise, but still... by artor3 · · Score: 5, Insightful

      This country was made great by holding to the standards of freedom and justice,

      lol

      They teach you that in grade school? Where was the freedom and justice for the natives, or the slaves, or the women, or the non-Protestants? Where was freedom for the interned Japanese, or justice for people accused of Communism during the red scare? Where was the freedom and justice for all the South Americans and Middle Easterners, as they were ruled by our blood-thirsty puppets?

      Fuck, was there ever even a single ten year period in which this country "held to the standards of freedom and justice"?

      No. There never was. This country is great because it was founded by people who could easily slaughter their only nearby opponents. It's great because after slaughtering the natives, there were ample resources to go around. It's great because our ancestors were immoral enough to build an economy on the backs of slaves, and later on the backs of immigrants who worked themselves to death in hopes of attaining a wealth that none would ever see. It's great because we were left nearly untouched while the rest of the developed world was bombed to ash during WWII. It's great by accident.

      Don't blame the NSA for ruining the Land of the Free. That place never existed outside of storybooks. Reality has always been a lot messier, you're just noticing it for the first time.

    3. Re:Not a surprise, but still... by cbhacking · · Score: 5, Insightful

      Even ignoring the highly questionable aspects of the pledge which you carefully omitted from your quote, nationalism is just the grotesquely overgrown brother of tribalism, itself a badly flawed concept. At least within a tribe, it's hard to keep secrets or conceal abuses of power. It still promotes an unthinking herd behavior, a sense of "us vs. them, and clearly they're worse than us or they'd be part of us". At the national level, it fuels wars and xenophobia. It is the tools of propagandists and of those who would re-write history and get away with it (as you yourself noted, with regard to Jackson).

      I find it disgusting that a nation which arose out of a rebellion against government mistreatment tries to brainwash its children into giving their allegiance to anything so inherently flawed as a human government. Would you have supported colonial children in the 1770s being required to stand up every day in school, and swear allegiance to the Union Jack, and the monarchy for which it stands? Do you think it's cool that there are probably kids right now swearing their allegiance to the People's Republic of [Korea|China|the Congo|whatever] and the glorious freedom and representation that their government bestows upon them?

      Liberty and justice for all? Give me a break! Pure propaganda, and you don't even need to be *that* smart or well-educated to see it for the lie it is; you just need to start from the assumption that the American Way is *not* The One True Way, and look up some facts. Facts like per-capita prison population, or the breakdown of said population relative to the populace at large. Facts like the mere existence of places like Gitmo. Facts like the government's treatment of Snowden, and their hasty effort to scrub from their websites, etc. all mention of the Obama administration's moral and righteous promises to protect and support whistleblowers. Or how about the states where gays, or transgender people, are forced to live as second-class citizens (and, in a handful of very backward parts of the country, criminals)? The very concept that there exists "one nation, under God, indivisible, with liberty and justice for all" is a tremendous lie. Teaching our children that such a thing not only exists, but that they live in it; forcing them to chant those lines every weekday of their young lives to the point that they absorb it before they're even old enough to know that sometimes the things you're taught are wrong? That is beyond the pale. It is despicable and deplorable.

      Now, actually pledging liberty and justice, that's not so awful. It should still be taught as a *concept* and not as a mantra, but pledging to protect liberty and promote justice is a noble and virtuous thing to say. Too bad that's nowhere in the pledge of allegiance as it stands today, though. No, we were told to pledge allegiance to a flag and a nation, not a concept. We didn't even pledge to uphold the constitution, the way so many civil servants are required to do.

      --
      There's no place I could be, since I've found Serenity...
  5. Catastrophic by Anonymous Coward · · Score: 5, Insightful

    Wow. With one single contract, RSA just destroyed their whole business. A company in the trust business cannot allow themselves to lose their customers' trust.

    No RSA product can ever be trusted again.

    1. Re:Catastrophic by swillden · · Score: 5, Insightful

      Wow. With one single contract, RSA just destroyed their whole business. A company in the trust business cannot allow themselves to lose their customers' trust.

      No RSA product can ever be trusted again.

      Except that RSA destroyed their whole business a couple of years ago when it was found that they'd left the root keys for their SecureID tokens on an unsecured, network-connected machine. After that no one could trust them again.

      But people did, and they'll continue doing so after this, watch and see.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
  6. They didn't know! by hawguy · · Score: 5, Insightful

    "They did not show their true hand," one person briefed on the deal said of the NSA, asserting that government officials did not let on that they knew how to break the encryption."

    Right, the NSA, known to be codebreakers, paid them $10M to include their "special" algorithm, and no one had any idea that it could be compromised. Right. Why else would they pay them to use it?