
F-Secure's Mikko Hypponen Cancels RSA Talk In Protest

Unknown Lamer posted about 8 months ago | from the conferences-in-america-considered-dangerous dept.

Security 248

An anonymous reader writes "In a letter to RSA executives, F-Secure's Mikko Hypponen says he is canceling his talk at the 2014 RSA Conference, due to the company's deal with the NSA, and how the agency has treated foreigners." From the letter: " I don’t really expect your multibillion dollar company or your multimillion dollar conference to suffer as a result of your deals with the NSA. In fact, I'm not expecting other conference speakers to cancel. Most of your speakers are american anyway — why would they care about surveillance that’s not targeted at them but at non-americans. Surveillance operations from the U.S. intelligence agencies are targeted at foreigners. However I’m a foreigner. And I’m withdrawing my support from your event."


248 comments


I support Mr. Mikko Hyppone (5, Insightful)

Taco Cowboy (5327) | about 8 months ago | (#45771191)

As an American, I am giving my moral support to Mr. Hyppone for his courage to speak up against the unspeakable and despicable things that NSA has done !

Re:I support Mr. Mikko Hyppone (1, Informative)

Anonymous Coward | about 8 months ago | (#45771213)

As a Finn, I am informing that his last name is neither Hypponen nor Hyppone, but Hyppönen. Thanks. :)

Re:I support Mr. Mikko Hyppone (2, Insightful)

Anonymous Coward | about 8 months ago | (#45771253)

Americans don't have that key on our keyboards.

Re:I support Mr. Mikko Hyppone (5, Funny)

fustakrakich (1673220) | about 8 months ago | (#45771285)

Sö whät?

Re:I support Mr. Mikko Hyppone (1)

godel_56 (1287256) | about 8 months ago | (#45771291)

Americans don't have that key on our keyboards.

http://copypastecharacter.com/

Re:I support Mr. Mikko Hyppone (2)

murdocj (543661) | about 8 months ago | (#45771677)

Or do what everyone does, which is use the closest equivalent on the keyboard.

Re:I support Mr. Mikko Hyppone (2)

scubamage (727538) | about 8 months ago | (#45771863)

If you're using a mac, you can press and hold the "o" key and it will pop up as an option. I'm sure there's some FOSS out there that does the same thing too. Windows folks, well, go learn some alt codes.

Re:I support Mr. Mikko Hyppone (0)

Anonymous Coward | about 8 months ago | (#45771885)

Wow, that's really lame that Macs don't even have basic functionality as character repeat.

Alternative (0)

Anonymous Coward | about 8 months ago | (#45772081)

Or "alt + u" then hit "o". This works for some other letters töö.

Re:I support Mr. Mikko Hyppone (0)

Anonymous Coward | about 8 months ago | (#45771301)

But they can surely copy/paste, right?

Re:I support Mr. Mikko Hyppone (3, Informative)

beelsebob (529313) | about 8 months ago | (#45771313)

Just type alt-u, then o ö.

Re:I support Mr. Mikko Hyppone (5, Funny)

Anonymous Coward | about 8 months ago | (#45771485)

Fuck, why does my browser have a menu item "utilities | open goatse"???

Re:I support Mr. Mikko Hyppone (0)

Anonymous Coward | about 8 months ago | (#45771737)

Alt-148 works. Numeric keypad - make sure numlock is on. Never heard of that alt-u combo - can't find any programs which support it.

Re:I support Mr. Mikko Hyppone (-1)

Anonymous Coward | about 8 months ago | (#45771323)

you is a snownigger

Re:I support Mr. Mikko Hyppone (2)

onkelonkel (560274) | about 8 months ago | (#45771339)

Yes we do. How else could we type Mötörhead.

Re:I support Mr. Mikko Hyppone (1)

MichaelSmith (789609) | about 8 months ago | (#45771379)

Did slashcode just start supporting Unicode?

Re:I support Mr. Mikko Hyppone (1)

Opportunist (166417) | about 8 months ago | (#45771577)

Not necessary. They're part of the extended ASCII code (the symbols past 0x80).

Re:I support Mr. Mikko Hyppone (2)

RichardDeVries (961583) | about 8 months ago | (#45771793)

Motörhead.

Re:I support Mr. Mikko Hyppone (1)

LurkerXXX (667952) | about 8 months ago | (#45771777)

There's some dirt on top of one of your o's. You should shake the crumbs out of your keyboard.

Re:I support Mr. Mikko Hyppone (1, Insightful)

LordLimecat (1103839) | about 8 months ago | (#45771335)

He's protesting against surveillance of non-Americans: exactly the opposite of what we should be protesting. Everyone spies, and it's sort of the NSA's job. What's not their job is to spy on Americans while bypassing the 4th Amendment.

Re:I support Mr. Mikko Hyppone (0, Flamebait)

murdocj (543661) | about 8 months ago | (#45771693)

He's protesting against surveillance of non-Americans: exactly the opposite of what we should be protesting. Everyone spies, and it's sort of the NSA's job. What's not their job is to spy on Americans while bypassing the 4th Amendment.

Exactly. Spying on citizens of other countries is normal. Really. ALL countries do it, throughout history. Having the NSA spy on Americans is what citizens of the USA should be protesting.

Re:I support Mr. Mikko Hyppone (5, Insightful)

Smauler (915644) | about 8 months ago | (#45771999)

No... it's not normal. Governments spy on governments generally, not on citizens.

If you consider it normal for the NSA to spy on EU citizens, then you must consider it normal for GCHQ, MI6, and all the other European agencies to spy on US citizens. Most of the western agencies share a lot of their intelligence, so most of the stuff MI6 knows about you goes straight back to the NSA and other agencies anyway, without them having to spy on you.

Do you consider it normal and acceptable for European agencies to be spying on American citizens? Really?

Re: I support Mr. Mikko Hyppone (0)

Anonymous Coward | about 8 months ago | (#45771799)

Well clearly the solution is simple. NSA spies on everyone BUT Americans. MI6 spies on everyone. And then the UK gives us the missing pieces on Americans and we give them the missing pieces on everyone. We just need to make AT&T etc play nice w/ UK.

Re:I support Mr. Mikko Hyppone (1)

Anonymous Coward | about 8 months ago | (#45772029)

He's protesting against surveillance of non-Americans: exactly the opposite of what we should be protesting. Everyone spies, and it's sort of the NSA's job. What's not their job is to spy on Americans while bypassing the 4th Amendment.

You have missed one other detail which is quite significant.

RSA sold out to the NSA and secretly weakened its encryption in return
for a paltry sum of money, considering they ruined their reputations forever,
in both the business ethics and the personal ethics categories. Fuck Rivest,
Shamir, and Adleman, I hope they all get terminal cancer.

Most likely this is why the gentleman from Finland is choosing not to
attend this event.

Re:I support Mr. Mikko Hyppone (2)

JohnVanVliet (945577) | about 8 months ago | (#45772051)

Also AS AN AMERICAN I give a big "hear, hear" for Mr. Hyppone

More people INCLUDING US citizens should do this!!!!!

Americans not targeted? (5, Insightful)

rubycodez (864176) | about 8 months ago | (#45771207)

Hypponnen needs better news sources.

Re:Americans not targeted? (2)

matthewv789 (1803086) | about 8 months ago | (#45771347)

I think he's being a bit sarcastic.

Re:Americans not targeted? (1)

Anonymous Coward | about 8 months ago | (#45771827)

His news source is pretty accurate. Most Americans are apathetic to the NSA revelation, Slashdot is just a minority that is not in general. The practical effect to those apathetic Americans is that it is no different from being a non-target since the line of logic is if they're not doing anything wrong it shouldn't matter either way. Very short sighted view in my opinion.

As an american... (5, Insightful)

g4c (919548) | about 8 months ago | (#45771215)

Most of your speakers are american anyway — why would they care about surveillance that’s not targeted at them but at non-americans.

As an american, I don't believe for one second that it's not targeted at us, too. Mr. Hypponen has my support, as well.

Mikko says "time to act" (3, Informative)

Pav (4298) | about 8 months ago | (#45771791)

In Mikko's own words it's time to act [youtube.com]. I guess this means he is taking his own advice. I have in my own very small way been pushing up the price of surveillance: https everywhere, disconnect, duckduckgo etc... haven't been motivated enough for Tor yet because I share a slow connection. Still, we can and must act in small ways in our browsing behavior, purchasing decisions, and any other ways we can come up with. We're lucky that others of us are already acting in not so small ways, and we must support them.

LOL (-1, Troll)

Anonymous Coward | about 8 months ago | (#45771217)

Good. He is probably a terrorist anyway.

Re: LOL (0)

Anonymous Coward | about 8 months ago | (#45771247)

Well, considered one at the very least. You're either with the NSA or a terrorist, right?

Re: LOL (1)

Opportunist (166417) | about 8 months ago | (#45771589)

Why the "or"? Considering the way they act and their goals, an "and" seems more appropriate.

trolltasktic (0)

Anonymous Coward | about 8 months ago | (#45771263)

token troll comment

As an American (4, Insightful)

djbckr (673156) | about 8 months ago | (#45771231)

Let me just say that, by far, most of us Americans *do* care about the surveillance going on in our country. And we're horrified by it.

Re:As an American (0)

Anonymous Coward | about 8 months ago | (#45771295)

"Most"? Citation needed

Re:As an American (0)

Anonymous Coward | about 8 months ago | (#45771315)

You're gosh darned tooting' we care. Catching them terrorists is our number one priority. Most of us care and support the program completely!

Re:As an American (4, Insightful)

Anonymous Coward | about 8 months ago | (#45771319)

Exactly. I keep hearing Europeans going on and on about how we (Americans) are "totally fine with it." It's utter bullshit. There's a difference between liking something and being unable to stop it. The reasoning behind this is that since Americans aren't rioting, apparently we're in full support of it (or something like that; it is never made clear). Strangely enough, I don't see anything like that happening in any other country, either, yet your governments are all doing the same thing as ours.

It is important to remember that we're all in this together. It is a world problem, not a US problem. It just so happens that the story broke in the US and a major player has been held to light.

I promise you, we Americans support you withdrawing from dealing with the criminals and their friends.

Re:As an American (2, Insightful)

jones_supa (887896) | about 8 months ago | (#45771375)

The reasoning behind this is that since Americans aren't rioting

Why are you not rioting then? The image that you are just sitting on your asses and doing nothing is not completely unfounded.

It is important to remember that we're all in this together. It is a world problem, not a US problem.

Maybe, but the scale and depth of the NSA surveillance projects are way beyond anything else on this planet. You clearly are the biggest offender.

Re:As an American (4, Funny)

dAzED1 (33635) | about 8 months ago | (#45771483)

"Why are you not rioting then?" - several riots were attempted to be formed, but the NSA learned about them through their surveillance programs, and blew up the areas in question with drones, declaring them terrorist attacks. They then used their control over the internet to squash all news about it.

Re:As an American (5, Insightful)

Anonymous Coward | about 8 months ago | (#45771531)

Why are you not rioting then? The image that you are just sitting on your asses and doing nothing is not completely unfounded.

For the same reason you aren't. Did you even read what I wrote? Every country is up to the exact same thing. We've got Canada, UK, and others that are making absolutely no push to stop their country's wrong-doings. We've got France that is openly jealous of the NSA and says they want to increase their own amount of surveillance. Then we have the US, where we are slowly making legal process and trying to get this shit shut down in a non-violent matter. And yet, it is non-Americans complaining that we aren't doing anything?

Seriously. Explain that.

Re:As an American (4, Insightful)

bargainsale (1038112) | about 8 months ago | (#45771807)

Man's right.

The UK is a major offender with GCHQ, but our government has been shamingly successful in closing down debate on the issue compared with what's happening in the US. The main response from our wonderful government has been to threaten the Guardian. This in a country where (happily) you still don't risk life and limb by opposing the government. The sad fact is that people here don't care about their freedom as much as Americans do.

As I often point out to the pretty numerous people I meet who object to some new lunacy in American politics - you may complain about this, but whatever you think about [whatever], be sure there are Americans who care just as much about [whatever] and are actually trying to do something about it.

Re:As an American (1)

sumdumass (711423) | about 8 months ago | (#45771551)

Why are you not rioting then? The image that you are just sitting on your asses and doing nothing is not completely unfounded.

lol.. You seriously expect people to rise up in public against the Schutzstaffel or Komitet gosudarstvennoy bezopasnosti and protest them? I mean seriously, you just found out that the government is spying on the citizens and say it is bad because the government can construe it any way they like to damage someone's reputation, jail them, ruin their good name, or any number of other things it might find politically expedient and you are wondering why no one is jumping to become the first sheep going into the slaughter house?

Re:As an American (2)

murdocj (543661) | about 8 months ago | (#45771711)

Rioting? Really? That's going to help?

See, in the USA, unlike most of the world, we have this concept of "rule of law". It's a little slower than rioting, but it generally produces better results.

Re:As an American (2)

fisted (2295862) | about 8 months ago | (#45771835)

Except your current little problem of your own government not giving a fuck about the law

Re:As an American (0)

Anonymous Coward | about 8 months ago | (#45771985)

Except your current little problem of your own government not giving a fuck about the law

That is the problem, yes. But it's a current one. It might change. Hell, it has changed in the past in the US through democracy and time. Rioting? All that would do right now is send the message that those rioting cannot be reasoned with and resort to violence as a first measure to resolve their problems. Rioting is the second-to-last option (the last being revolt), not the first one.

lol (2, Insightful)

Anonymous Coward | about 8 months ago | (#45771859)

Dude... seriously? You think the rule of law is going to have any impact on this situation? Admit it... we are all cowards

Re:As an American (1)

pepty (1976012) | about 8 months ago | (#45771887)

In the US, the right kind of riot can be extremely influential and alter the course of national politics overnight. See: Brooks Brothers Riot. The kind of riot where thousands of passionate people make a public stand on issues that don't affect their own salaries? Without being flown in on a corporate jet or being paid to attend? Not so much. That election pretty much predicted how rule of law would stack up against rule of man in the coming years.

Re:As an American (3, Insightful)

Opportunist (166417) | about 8 months ago | (#45771609)

Protests and even riots do happen. But you don't think your news media would cover them, do you?

Our media learned that they don't even have to lie to skew our view on the world. They just have to select the things they report about carefully. Tell me: How much, and what, have you heard about the protests that border on riots in the Ukraine?

Re:As an American (0)

Anonymous Coward | about 8 months ago | (#45771977)

Protests and even riots do happen. But you don't think your news media would cover them, do you?

Depends on the scale. And how "they" (not sure "they" would be here; just whoever is doing the covering) want to portray it. I could very easily see that being shown as patriots fighting oppression, and just as easily see it covered as terrorists attacking unprovoked, or even just a bunch of drunken idiots causing trouble. We both know the media is going to misrepresent it or simply choose to not cover it.

If there is/was protests or rioting in Ukraine over this global mass-surveillance, get it out there and let us know. Seriously, we want to know.

My stance on it is this: protesting and rioting isn't going to work here. In the US, the government is well aware that the people do not support them. Even before the leaks, congress had, what, 11% approval rating? Protesting just shows we aren't happy with them, and they've already shown they don't care.
As for riots, I don't think that is ever the right thing to do. It only results in the people getting hurt and property getting destroyed; the only people that suffer from this are the very people doing the rioting. That, and the government would find it as a justification to further strip our rights and spy on us even more.

We've seen twice already that it has been ruled unconstitutional and will undoubtedly be heading to the supreme court. We've got EFF, Wolf-pac, etc. pushing to see this governmental overreach shut down. We're making progress, although it is slow. Maybe I personally haven't done enough, but my donation to EFF and educating others around me has at least been something.

I am dropping RSA (0)

Anonymous Coward | about 8 months ago | (#45771243)

I am dropping RSA as my SSO security system and prepping for another now.

Re:I am dropping RSA (1)

MichaelSmith (789609) | about 8 months ago | (#45771395)

Make sure you tell them why.

Re:I am dropping RSA (2)

WaffleMonster (969671) | about 8 months ago | (#45771825)

I am dropping RSA as my SSO security system and prepping for another now.

I would have hoped y'all would have got that hint in 2011 after a breach at RSA compromised their customers' FOBs... better late than never.

Unfortunately the NSA Gathers Data on EVERYONE (4, Informative)

BBF_BBF (812493) | about 8 months ago | (#45771265)

Good for Mikko for taking a stand. Unfortunately, the NSA was monitoring Americans as well as foreigners, they just had to obfuscate their spying on American Citizens because it's illegal for them to target Americans without secret court permission.

Guilty and impossible to prove innocent (1, Troll)

Ralph Wiggam (22354) | about 8 months ago | (#45771279)

RSA has categorically denied that they cut a deal with the NSA. But Mr. Hypponen and the rest of the internet has declared them guilty based on unseen evidence. How is that fair?

Re:Guilty and impossible to prove innocent (4, Informative)

Rick Zeman (15628) | about 8 months ago | (#45771337)

RSA has categorically denied that they cut a deal with the NSA. But Mr. Hypponen and the rest of the internet has declared them guilty based on unseen evidence. How is that fair?

First, no one said that life was fair. Secondly, RSA didn't categorically deny anything. Go parse their statement carefully. They've denied a specific scenario with several criteria, that's it.

Re:Guilty and impossible to prove innocent (1)

dAzED1 (33635) | about 8 months ago | (#45771515)

wouldn't it be cool if there were any chance that a FOIA request could somehow get a line-item budget of all payments to outside companies, by the NSA, so that such a list could be parsed to find payouts such as the one to RSA?

Re:Guilty and impossible to prove innocent (0)

Anonymous Coward | about 8 months ago | (#45771625)

That would work, once. Then future payments would be carefully laundered.

Re:Guilty and impossible to prove innocent (0)

Anonymous Coward | about 8 months ago | (#45771761)

FOIA only works against the government, IIRC.

Re:Guilty and impossible to prove innocent (1)

VortexCortex (1117377) | about 8 months ago | (#45771695)

Not only that, but if we're to believe security researchers were daft enough to screw up their security systems without being forced to... See, morons or compromised they can't be trusted either way now.

Re:Guilty and impossible to prove innocent (2)

icebike (68054) | about 8 months ago | (#45771749)

Secondly, RSA didn't categorically deny anything. Go parse their statement carefully. They've denied a specific scenario with several criteria, that's it.

The quote is right there on the RSA's site [rsa.com], and the first sentence says:

Recent press coverage has asserted that RSA entered into a “secret contract” with the NSA to incorporate a known flawed random number generator into its BSAFE encryption libraries. We categorically deny this allegation.

They rattle on about with a bunch of marginally relevant stuff, then follow up with:

RSA, as a security company, never divulges details of customer engagements, but we also categorically state that we have never entered into any contract or engaged in any project with the intention of weakening RSA’s products, or introducing potential ‘backdoors’ into our products for anyone’s use.

Two "categoricallys" within the half a page of text, and you missed both of them.
So right away, you are wrong. Clearly you didn't bother to read their statement at all.

The word categorically can never apply to a specific scenario [thefreedictionary.com].

Can they be innocent in all this? It's not inconceivable, they could have been duped by the NSA. But in that case they are incompetent, so the stigma still attaches.

Re:Guilty and impossible to prove innocent (3, Informative)

vux984 (928602) | about 8 months ago | (#45771945)

Do they categorically deny taking a 10 million dollar payment from the NSA?

No. On that all they said was they "don't divulge details".

Do they categorically deny they incorporated Dual EC DRBG random number generator into its BSAFE encryption libraries?

No. They can't deny that. Because it's clearly something they did in fact do.

Do they categorically deny they took 10 million dollars from the NSA to incorporate Dual EC DRBG into BSAFE?

Well... again.. no, not really. They categorically deny they ever intended to weaken products or incorporate known flaws.

Basically all they categorically deny is that they KNEW what they were doing. Here's a decent article on it...

http://www.techdirt.com/articles/20131222/23532125671/rsas-denial-concerning-10-million-nsa-to-promote-broken-crypto-not-really-denial-all.shtml [techdirt.com]

Me, I haven't seen the documents alleging the connection between 10M and setting Dual EC DRBG as default in BSAFE... and I would dearly like to see how much of a smoking gun it really is.

Re:Guilty and impossible to prove innocent (0)

icebike (68054) | about 8 months ago | (#45772003)

Quote You:

Do they categorically deny they took 10 million dollars from the NSA to incorporate Dual EC DRBG into BSAFE?

Quote RSA:

Recent press coverage has asserted that RSA entered into a “secret contract” with the NSA to incorporate a known flawed random number generator into its BSAFE encryption libraries. We categorically deny this allegation.

I agree that their statements will probably be proven to be less than forthcoming, but clearly they did indeed deny taking 10 mill to put DRBG in BSAFE.

Re:Guilty and impossible to prove innocent (4, Informative)

vux984 (928602) | about 8 months ago | (#45772113)

Not quite.

They denied a "secret contract" to incorporate a known flawed RNG into BSAFE.

They did NOT deny a secret contract to incorporate DRBG.

If they did not know, at the time they made the deal that the RNG was flawed, then they could truthfully claim they did not knowingly take money to incorporate a known flawed RNG.

The pedant in me would like them to categorically deny any link between the $10 million and incorporating Dual EC DRBG.

They didn't actually do that.

Given just how much scrutiny they KNEW their statement would be put under, and the fact that their lawyers would have reviewed the thing before it going up, it is striking that so many news sources are identifying it as a dodge rather than a head-on denial.

Here's another article...

http://www.theverge.com/2013/12/23/5237788/rsa-nsa-backdoor-non-denial [theverge.com]

It's hard to believe, again, given just how much scrutiny they KNEW their statement would be under, that the lack of certainty was anything but calculated.

Re:Guilty and impossible to prove innocent (1)

Anonymous Coward | about 8 months ago | (#45772211)

... known flawed random number generator ...

And if they can claim at the time that they did not know it had flaws then they could still take 10M for putting it in via a secret contract and still truthfully claim what they have written. It does not mean that they did not accept money from the NSA for putting Dual EC DRBG into BSAFE via a secret contract - the total of all assertions together in the statement is being denied they have not separately refuted point by point that all of the following is not true:

1. A contract existed with the NSA (be it secret or commercial in confidence or something else).

2. That contract or agreement (written or verbal) either entirely or in part covered incorporating Dual EC DRBG into BSAFE.

3. That they were paid for this task.

4. That they were unaware of any issues surrounding flaws in the rng.

Without denying each point individually the statement as it stands is just fluff.

Re:Guilty and impossible to prove innocent (2)

Smauler (915644) | about 8 months ago | (#45772077)

GP was speaking metaphorically. They have categorically denied some things that were not relevant, but they were not the things they were accused of. Did they get paid $10m by the NSA to use a poor cryptographic solution? Yes, they did, and neither of their categorical statements address this.

Re:Guilty and impossible to prove innocent (1)

Therefore I am (1284262) | about 8 months ago | (#45771341)

If you lie down with dogs - you get fleas!

Re:Guilty and impossible to prove innocent (0)

Anonymous Coward | about 8 months ago | (#45771363)

They seem to have denied the existence of the deal just as the NSA and Obama denied the collection of Americans' phone records -- until further leaks confirmed it and they had to acknowledge its existence.

I'm sure there will be more related documents popping up in the media in the coming weeks that will make even the non-believers drop their jaws.

Re:Guilty and impossible to prove innocent (5, Insightful)

pla (258480) | about 8 months ago | (#45771389)

RSA has categorically denied that they cut a deal with the NSA. But Mr. Hypponen and the rest of the internet has declared them guilty based on unseen evidence. How is that fair?

You can expect that to become a trend. The NSA has well and truly fucked over the entire American IT security industry. Even ultra-low-end "security" products like home broadband routers have become suspect, thanks to their interference.

Fair? No. Obvious consequence of the NSA's actions? Absolutely. People haven't trusted them for decades - Anyone remember Tempest? Or the improved S-Boxes that made DES more resistant to an attack that wouldn't exist for another 25 years? But in the back of our minds, we always told ourselves they might count as completely scary bastards, but at least they counted as our completely scary bastards. Now we know better - They have zero regard for US law and work for no one but themselves.

On a positive note, I'd still rather see the TSA disbanded first. But at this point, they both need to go.

Then again, this just follows a loooong history of ineffective, illegal, self-serving "intelligence" agencies in the US, from Hoover's FBI to Bush-the-elder's CIA to our current situation, you'd think we'd eventually learn and say "no more". Sadly, most people don't even have a clue we have a problem, or worse, outright support giving up our freedoms if it will protect us from the evil brown people across the sea.

Pathetic, the whole lot of us.

Re:Guilty and impossible to prove innocent (2)

deconfliction (3458895) | about 8 months ago | (#45771495)

You can expect that to become a trend. The NSA has well and truly fucked over the entire American IT security industry. Even ultra-low-end "security" products like home broadband routers have become suspect, thanks to their interference.

Much as I truly *loathe* the NSA crimes of late, I must stand in their defense on this one- at least with how you stated it. The security of *all* (low and high end) security products like home broadband routers was *extremely* suspect even before the Snowden revelations. The mere fact that the industry is allowed to operate like this (mobile phones that never get security updates are as bad or worse), is what clued people like me into the scope of what could be revealed by someone like Snowden. It's been 6 months and it still almost feels unreal, just because of how unreal the prior decade felt. And it felt that way *because the NSA were actively hiding from the public, domestic and foreign, the swiss-cheese fabric of our internet and computing security*. But you can't be a typical slashdot reading techie, certainly now in retrospect, and say "oh, _now_ the security of these devices has become suspect". It was suspect all along. I would have expected to see monthly patches rolling out to my home router, if I imagined the device was being actively security-supported in any way. And the companies were probably just quid-pro-quo happy to not have to invest in real security for the devices. I'm sure the NSA probably leaked to the companies or the public, those security holes it wanted fixed, but kept to itself the ones it didn't want. Open source, many eyes folks. It's the first step toward the only real hope I see.

Re:Guilty and impossible to prove innocent (1)

Opportunist (166417) | about 8 months ago | (#45771639)

Well, the TSA is a nuisance. The NSA is a criminal organization.

Re:Guilty and impossible to prove innocent (1)

MobSwatter (2884921) | about 8 months ago | (#45771811)

Now we know better - They have zero regard for US law and work for no one but themselves.

On the contrary, being they sold the bush / bamster and congress on the starship enterprise control console (I pwn u spy sickness), they are the corporate bitches just as their leadership that allows/defends this. nsa needs to be "sandboxed" to prevent private sector business interference, cia has played this very quietly up until now but we all know about funding for black wars and dealing drugs to fund them, fbi needs to be put back in the box in being a purely domestic agency, dhs needs to come up with actual reasoning as to why it needs over 2 billion rounds of .223 ammo + military/armored personnel carriers, being a purely domestic agency and all. There truly needs to be reform, not the bamster snake oil type.

Re:Guilty and impossible to prove innocent (1)

innocent_white_lamb (151825) | about 8 months ago | (#45772169)

Tempest and S-Boxes? I'm wondering about se-linux, myself..

Re:Guilty and impossible to prove innocent (1)

MrEricSir (398214) | about 8 months ago | (#45771417)

As Ars explained [arstechnica.com], "RSA's defense seems to be that officials didn't know the NSA-influenced deterministic random bit generator had weaknesses that could be exploited to crack adversaries' cryptographic keys."

Whether bribery was involved or not, RSA used an algorithm without validating the math.

Re:Guilty and impossible to prove innocent (2)

Just Brew It! (636086) | about 8 months ago | (#45771419)

Please read the complete RSA press release and parse it carefully: https://blogs.rsa.com/news-media-2/rsa-response/ [rsa.com]

They don't deny that they entered into a deal. They deny that they entered into a deal "with the intention of weakening RSA’s products, or introducing potential ‘backdoors’ into our products". In other words, there was a deal, but they are insisting that they didn't realize at the time that the algorithm had a backdoor.

If there was no deal at all, they wouldn't have felt a need to qualify the denial with the above quoted text.

Re:Guilty and impossible to prove innocent (2, Insightful)

Anonymous Coward | about 8 months ago | (#45771443)

You haven't done your research.

It has been known for years that the RSA pushed an unsecure algorithm by default, and suspected it was intended as a backdoor. What wasn't known was their motivation behind it. We recently have been given information that the NSA gave them money in exchange for their service. Sure, you can claim it was all made up, but everything else given to us by Snowden to date has been accurate. Meanwhile, those that would be negatively impacted by these revelations (such as the NSA, the president, various large tech companies, etc.) have been caught lying non-stop about it. I wouldn't exactly say it is hard to imagine that the RSA is going to claim they weren't involved in an attempt to save themselves.

RSA has categorically denied that they cut a deal with the NSA.

Not quite. They have done no such thing. The RSA has not denied working with the NSA, accepting money, nor weakening encryption. They simply said they did not create a contract with the NSA. It was nothing but deflection using weasel words.

No matter how you want to spin it, the RSA are not the victims here. Citizens across the globe are. That is what is not fair.

Re:Guilty and impossible to prove innocent (0)

Anonymous Coward | about 8 months ago | (#45771757)

No matter how you want to spin it, the RSA are not the victims here. Citizens across the globe are. That is what is not fair.

Well put.

Now we're both on the watch list.

Re:Guilty and impossible to prove innocent (1)

Opportunist (166417) | about 8 months ago | (#45771629)

The problem is that so many lies have been flying around in that whole shit that there is simply NOTHING anymore that anyone would believe the NSA or its cronies.

It's a bit like with the Soviet propaganda of the old times. After a while you simply knew that they are lying. You have caught them so many times that you wouldn't even believe them if they told you the sky was blue, if you can't verify their claim, it was safe to assume that it's a lie.

The NSA is about as bad.

Re:Guilty and impossible to prove innocent (4, Informative)

Trax3001BBS (2368736) | about 8 months ago | (#45771681)

RSA has categorically denied that they cut a deal with the NSA. But Mr. Hypponen and the rest of the internet has declared them guilty based on unseen evidence. How is that fair?

Oh no you didn't...

RSA was aware that the Elliptic Curve Deterministic Random Bit Generator (Dual EC DRBG) had been back doored since 2007,
http://yro.slashdot.org/story/13/12/23/0357228/rsa-flatly-denies-that-it-weakened-crypto-for-nsa-money?utm_source=rss1.0mainlinkanon&utm_medium=feed [slashdot.org]

They waited an ample 5 years before they warned that it shouldn't be used.
http://it.slashdot.org/story/13/09/21/2143250/rsa-warns-developers-not-to-use-rsa-products [slashdot.org]
I'm sure they just wanted to double check their findings first.

RSA and American software (5, Insightful)

Anonymous Coward | about 8 months ago | (#45771287)

The bottom line is that the world is no longer confident about software written in the US, and will seek alternatives sourced from Europe, Russia, China and elsewhere to regain the security and privacy which they believe they have lost.

The NSA will be directly responsible for a shift away from US standards, US software and US protocols ... because without confidence, those standards, software and protocols don't mean a damn thing. RSA, by simply going along with the NSA has damaged its brand name, possibly irreparably.

Re:RSA and American software (3, Insightful)

Opportunist (166417) | about 8 months ago | (#45771687)

That's pretty much the main danger behind it: The US are going to be seen as worse than China when it comes to security.

China has a pretty bad rep in that department. Allegedly they pushed malware on some of the electronic gadgets they produce. Or ... did the US just tell us they do so we'd buy their stuff?

Now, it's pretty hard to get around China when you're buying electronics. Pretty much everything is built over there. OTOH, it's much easier to avoid US goods. Pretty much everything produced in the US is also produced in the EU at similar quality and price.

Re:RSA and American software (1)

icebike (68054) | about 8 months ago | (#45771873)

The bottom line is that the world is no longer confident about software written in the US, and will seek alternatives sourced from Europe, Russia, China and elsewhere to regain the security and privacy which they believe they have lost.

And that is sad, because there is no reason to trust Russia or China any more than any one else. Less, in fact.
If you have an email account in Russia or China you just naturally assume it's fully monitored. By both sides.

What I do trust is open source, regardless of its country of origin. Much of this still comes from the US, Germany, India, etc, and even Russia.

And now we are forewarned. Fool us once, shame on you. Fool us twice, shame on us. Whatever comes out of this will be better and stronger, and the entire world has learned a lesson. We will never rely on the laws on the books any more. Our tools are going to be written with the assumption that we are at war. And in a way, we are. And as a result the NSA's excesses will probably be shown to enable more terrorists, drug, and weapon smuggling than they ever prevented.

They are hoist by their own petard.

Re:RSA and American software (3, Interesting)

Anonymous Coward | about 8 months ago | (#45771911)

EOL on XP coinciding with all these revelations and doubts will hopefully inspire the businesses and governments of the world to turn their eyes to OSS. Of course there are those that can't or at least think they can't but can at least test, examine or add a few lines of code. How many of those that can have customers or partners tied to the same programs as them? How much can be run from XP images in virtual machines?

Some have already moved to OSS, some are in the process and some are just thinking about it. Those that despise the US government for its behaviour should help each other out and move completely away from closed source software and do something about everything being forced through a limited number of US centric telecom bottlenecks.

I sincerely hope there is a movement in the works better planned and worded than my weak attempts at it. Time for some changes.

No. No. That's not true. That's impossible! (0)

Anonymous Coward | about 8 months ago | (#45771325)

C'mon guys, cut 'em a break, it's not like they have an "out" or anything...

http://www.secureworks.com/cyber-threat-intelligence/threats/rsacompromise/
http://arstechnica.com/security/2011/06/rsa-finally-comes-clean-securid-is-compromised/
https://www.schneier.com/blog/archives/2011/10/full_extent_of.html

Company Value? (3, Interesting)

Anonymous Coward | about 8 months ago | (#45771345)

How did the stock market react? RSA's mother company is EMC, isn't it? There doesn't seem to be much of an effect, on the contrary, gaining half a percent today? Or am I looking at the wrong data?

Re:Company Value? (1)

Opportunist (166417) | about 8 months ago | (#45771703)

Apparently the brokers assume (correctly, if you ask me) that managers don't have the foggiest clue what this entails and hence it won't affect sales.

Just you wait 'til one of those oh so important manager pulp magazines writes about it!

Re:Company Value? (2)

VortexCortex (1117377) | about 8 months ago | (#45771739)

You mean the stock market that the NSA controls? If they receive beams of light, they can send them, scramble them, cause packet delays, etc. In a world of super low latency high frequency trades, PRISM rules.

Re:Company Value? (0)

Anonymous Coward | about 8 months ago | (#45772049)

How did the stock market react? RSA's mother company is EMC, isn't it? There doesn't seem to be much of an effect, on the contrary, gaining half a percent today? Or am I looking at the wrong data?

Because the stock market has made sense in the past.

What are you, fucking high?

Good (non) job (5, Insightful)

BringsApples (3418089) | about 8 months ago | (#45771359)

I support anyone that's willing to hit the brakes these days. Without people, nothing can succeed, nothing at all. If the only card we have to play - in this world of bullshit, lies and damn lies - is non-participation, then we have to play it. To keep going on like "everything is just what it is and there's nothing that we can do to change it" is to play into the continuation of the problem. To see others acting upon this truth is heart-warming and gives hope to others that are doing it.

Re:Good (non) job (1)

VortexCortex (1117377) | about 8 months ago | (#45771771)

CC: PJ@GrockLaw.net

Re:Good (non) job (1)

VortexCortex (1117377) | about 8 months ago | (#45771781)

s/rock/rok/

Re:Good (non) job (1)

BringsApples (3418089) | about 8 months ago | (#45772223)

Interesting website.

Two Different Companies (4, Informative)

databeast (19718) | about 8 months ago | (#45771475)

As symbolic as this is, it's worth pointing out that the RSA Conference and RSA Security are two separate corporate entities (and I worked with both, producing RSA Security's own booth content at RSA Conference 2011). They do however, all funnel back up to EMC (y'know.. the world's largest storage systems corporation).

dipshit (-1, Troll)

Anonymous Coward | about 8 months ago | (#45771477)

>I'm not expecting other conference speakers to cancel. Most of your speakers are american anyway — why would they care about surveillance that’s not targeted at them but at non-americans.

What an insulting fucking myopic crybaby, who obviously hasn't bothered paying attention to the news and everybody's reactions for the last 6 months. Get a grip you massive whinger.

Re: dipshit (0)

Anonymous Coward | about 8 months ago | (#45771727)

yeah, a dipshit crybaby for sure.

Used F-Secure Blacklight to get rid of rootkits (0)

PaddyM (45763) | about 8 months ago | (#45771541)

Kudos to Mikko Hypponen for telling it like it is. Kudos to his company for making tools which help keep our computers safer.

Say WHAT? (1)

russotto (537200) | about 8 months ago | (#45771575)

Mr. Hyppönen hasn't been paying attention if he believes "surveillance that’s not targeted at them but at non-americans". That's the NSA's line, but the Snowden revelations have shown that to be pretty much a lie. They're willing to spy on Americans who are up to three hops from a target, and they're Hoovering up Americans' call records wholesale.

TED (4, Informative)

jones_supa (887896) | about 8 months ago | (#45771815)

BTW here's Mikko's recent TED talk [youtube.com] on the topic if you haven't seen it yet.

I bet he didn't get refunded (0)

renzhi (2216300) | about 8 months ago | (#45772157)

It's nice and all that Mikko Hypponen withdrew his support for the RSA conference, but I bet he didn't get refunded. That sucks big.