Accusations that the security company RSA is colluding with the National Security Agency (NSA) have led several security professionals to cancel their talks at the RSA Conference in San Francisco in February. Now some are calling for a boycott of the technology company owned by EMC.
Jeffrey Carr, author and founder of security firm Taia Global, was outraged by a Reuters article in December that claimed RSA had accepted $10 million from the NSA to include a deliberately weakened encryption scheme, based on Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG), in its products.
RSA said it never "designs or enables backdoors" in its products, but has not explained why it accepted $10 million from the intelligence agency. The company said it continued to use Dual_EC_DRBG in its BSAFE product line even after doubts were raised about it in 2007, as the U.S. National Institute of Standards and Technology (NIST) had not recommended any changes to the algorithms.
After Edward Snowden's leaks revealed that the NSA had placed a backdoor in Dual_EC_DRBG, the security company removed the standard from its product line.
RSA "cannot escape responsibility"
But Carr, who had already withdrawn from the RSA Conference along with F-Secure's Mikko Hypponen and Josh Thomas of Atredis Partners, said changes had to be forced at the EMC division, which was responsible for some of the most widely used and effective encryption standards in the world.
"RSA cannot escape the responsibility for providing a compromised BSAFE product for the last 9 years by saying 'we just followed NIST' and 'our customers had a choice,'" Carr said in a blog post.
"This is a serious violation of its own mission statement, not to mention its own illustrious history of defending the integrity of encryption against government attempts to weaken it.
"There needs to be a boycott of RSA's products across the industry. It's not enough to just talk about how bad it is."
Professor Ross Anderson, head of cryptography at the University of Cambridge, told TechWeekEurope a boycott of RSA technology was "squeaky clean". "If you find that your wife has been selling sex on the side, then your next call might be to a divorce lawyer," he said.
"There are ample precedents. At the end of the war between Iran and Iraq, it was revealed that the NSA had secretly Crypto AG, a Swiss company selling cipher machines to non-aligned governments. The Iranians worked this out after they realized that the Iraqis were reading all their traffic (Rumsfeld was a good friend of Saddam in those days). As a result, some governments changed suppliers."
Anderson noted the claim by security researcher and activist Jake Appelbaum that NSA Trojans were seen using an RSA cipher, RC6, to encrypt the data being stolen. RC6 is still owned by RSA and is not open source. Anyone using it may have to pay a fee.
Peter Sommer, an expert in computer forensics, told TechWeek "it is right that security researchers require responses from RSA. I put Cisco in the same category."
RSA Conference boycott nonsense?
Akamai security evangelist Martin McKeay, writing on his personal blog, which does not express the views of his employer, said that anyone who wanted to send a message to RSA should "stop buying their products and tell them why," adding: "That's a message that will be heard loud and clear."
However, he said the RSA Conference is actually a different company from RSA, so boycotting the event will do little.
"It has its own management structure, its own bottom line, its own profit and loss reports. And only a small fraction of the mainstream corporate income," McKeay wrote. "As such, any impact that boycotting the conference might have will be very diluted when it reaches the central management of the company.
"A large number of attendees not showing up is needed in order to make an impact."
RSA had no comment on the calls to boycott its technology and conference.