Security wonks put one of those fingers on each hand up.
May I have your attention, please? Next month's huge RSA security conference is in the spotlight over a growing number of boycotts by high-profile speakers. The conflab, run by EMC's (NYSE:EMC) RSA division is the lightning-rod for disquiet over alleged NSA backdoors inserted into RSA crypto software.
As you may recall, the smell of it is that RSA agreed to the NSA's request to use a default random-number generator that made it easy to crack customers' encrypted data. And its subsequent denial didn't really deny the core accusation.
In IT Blogwatch, bloggers ask, "He didn't just say what I think he did, did he?"
I repeat, your real, humble blogwatcher curated these bloggy bits for your entertainment. [We're gonna have a problem here -Ed.]
RSA and F-Secure poster-boy Mikko Hypponen first were divorced, just before Christmas:
I’ve been working with computer security since 1991. Nowadays I do quite a bit of public speaking. ... I have spoken eight times at...RSA Conference[s].
...On December 20th, Reuters broke a story alleging that your company accepted a random number generator from the National Security Agency, and set it as the default. ... You have not denied this particular claim [and] you had kept on using the generator for years despite widespread speculation that NSA had backdoored it.
...As my reaction to this, I’m cancelling my talk at the RSA Conference. ... I’m withdrawing my support from your event. MORE
Won't the real Jeffrey Carr please stand up?
Granted, I'm no Mikko...but I think it's vitally important that those of us who profoundly object to RSA's $10 million secret contract with the NSA do more than just tweet our outrage.
...RSA has issued the weakest of denials possible...failed to address most of the troubling points raised in Joe Menn's article for Reuters. This on top of RSA's horrible handling of its 2011 SecureID breach has shattered any remaining trust in the company. ... I hope that RSA and EMC's leadership will eventually rise to the occasion and be fully transparent.
...However unless and until RSA fully addresses this...I won't be speaking at any RSA events nor will I accept RSA as a sponsor. MORE
Christopher Soghoian returns with the, "Ah wait. No way. You're kidding."
I've given up waiting for RSA to fess up. ... I've just withdrawn from my panel at the RSA conference.
...The program chair of the RSA conference is a senior exec at infamous censorship tech firm Blue Coat. MORE
Sometimes, Marcia Hofmann wants to get on TV and just let loose... but can't:
I've decided to back out of my panel at RSA, too. No longer speaking on "The Boundary Between Privacy and Security: The NSA Prism Program." MORE
If we're lucky, Google's Adam Langley might just give RSA a little kiss:
I've become convinced that a public stance serves more than self-aggrandisement, so: I've pulled out of the Cryptographers Panel at RSA 2014.
...(I had already decided not to do it, but I pondered for a while whether I should say anything in public.) MORE
And Google's Chris Palmer got the Discovery Channel don't he?:
...Add me; I won't be talking about public key pinning. MORE
Women wave your pantyhose, sing the chorus, Matt Blaze goes:
I think jury is still out on whether RSA was negligently hoodwinked or deliberately sold out, but either deserves condemnation. MORE
Mozilla's Alex Fowler isn't just imitating:
[I] just backed out of the "Hot Topics in Privacy: A Dialog with Facebook, Google, Microsoft, Mozilla & Twitter" panel at RSA. MORE
So Josh Thomas gotta cuss in his raps:
Yes, my RSA talk is 100% pulled as a moral imperative.
...The company and then con are not actually tightly coupled fwiw, but I don't feel the need to lend my name to that ****. ... This is a battle worth standing up for. MORE
But Martin McKeay can't even stomach the boycotters:
I don’t think boycotting will do much. ... RSAC is, for all intents and purposes, a side company. ... It would take a huge number of attendees failing to show up in order to make an impact.
...If you think that NSA has been behaving badly and you really want to have an impact, go to the event and talk to people at the event...change your talk to include a slide or ten about what you believe RSA has done wrong...tell them why you think the RSA Corporation has crossed the line and spread the word.
...Quit buying their products and tell them why. Now that’s a message they’ll hear loud and clear. MORE
And all they do is annoy Jack Daniel (although he would like you to attend Security B-Sides, which runs in parallel with RSAC):
There are several motives at play in this, some honest, some not. Neither side has a monopoly on hypocrisy. MORE
Subscribe now to the Blogs Newsletter for a daily summary of the most recent and relevant blog posts at Computerworld.