Security researcher cancels talk at RSA conference in protest
Mikko Hypponen, chief research officer of F-Secure, said he was protesting reports of a secret RSA-NSA deal
IDG News Service - Security researcher Mikko Hypponen has canceled his talk at an RSA security conference in San Francisco, in response to a report that the security division of EMC allegedly received $10 million from the National Security Agency to use a flawed random number generator in one of its products.
In an open letter on Monday to Joseph M. Tucci, EMC's chairman and CEO, and Art Coviello, executive chairman of RSA, Hypponen, who is chief research officer at Finnish security company F-Secure, referred to a Reuters news service report which stated that RSA accepted a random number generator from the NSA, and set it as the default option in its product BSafe, in return for the payment from the NSA.
RSA took money "secretly" from the NSA to embed the Dual EC DRBG (Dual Elliptic Curve Deterministic Random Bit Generator) technology into its BSafe toolkit, according to the report on Friday.
The number generator, used in a 2006 standard from the National Institute of Standards and Technology, came under scrutiny after former NSA contractor Edward Snowden suggested it provided a back door for NSA snooping, according to reports.
RSA denied entering into a secret contract with the NSA. "We made the decision to use Dual EC DRBG as the default in BSAFE toolkits in 2004, in the context of an industry-wide effort to develop newer, stronger methods of encryption. At that time, the NSA had a trusted role in the community-wide effort to strengthen, not weaken, encryption," it said in a statement Sunday.
Hypponen said RSA had not denied receiving $10 million from the NSA to use the random number generator. "You had kept on using the generator for years despite widespread speculation that NSA had backdoored it," he wrote.
The researcher said he didn't expect EMC or the conference to suffer as a result of the alleged deals with the NSA. Nor did he expect other conference speakers to cancel. Most of the speakers at the conference are American, so why would they care about surveillance that's not targeted at them but at non-Americans, Hypponen wrote.
Surveillance operations by U.S. intelligence agencies are targeted at foreigners, he added.
"However I'm a foreigner. And I'm withdrawing my support from your event," the Finnish researcher wrote. He had earlier tweeted that "If the Reuters story is true, I - for one - will be cancelling my invited talk and my panel participation in the upcoming RSA Conference."
The RSA conference runs from Feb 24 to 28. Among the keynote speakers and other speakers, listed on the website for the conference, are executives from Microsoft, Juniper Networks, Cisco, McAfee, Symantec and Hewlett-Packard. Hypponen was to speak on "Governments as Malware Authors" at the conference. The researcher said he had spoken eight times at RSA conferences in the U.S., Europe and Japan. "You've even featured my picture on the walls of your conference walls among the 'industry experts,'" he wrote in the letter.
EMC could not be immediately reached for comment on Hypponen's decision.