Menu
Security researcher cancels talk at RSA conference in protest

Security researcher cancels talk at RSA conference in protest

Mikko Hypponen, chief research officer of F-Secure, said he was protesting reports of a secret RSA-NSA deal

Security researcher Mikko Hypponen has canceled his talk at a RSA security conference in San Francisco, reacting to a report that the security division of EMC allegedly received US$10 million from the U.S. National Security Agency to use a flawed random number generator in one of its products.

In an open letter on Monday to Joseph M. Tucci, chairman and CEO of EMC, and(Art Coviello, executive chairman of RSA, Hypponen, who is chief research officer at Finnish security company F-Secure, referred to a report by Reuters which stated that RSA accepted a random number generator from the NSA, and set it as the default option in its product BSafe, in return for the payment from the NSA.

The RSA took money "secretly" from the NSA to embed the Dual EC DRBG (Dual Elliptic Curve Deterministic Random Bit Generator) technology into its BSafe toolkit, according to the report on Friday.

The number generator used in a 2006 standard of federal agency National Institute of Standards and Technology came under scrutiny after former NSA contractor Edward Snowden suggested it provided back-door entry to NSA snooping, according to reports.

RSA has denied entering into a secret contract with the NSA. "We made the decision to use Dual EC DRBG as the default in BSAFE toolkits in 2004, in the context of an industry-wide effort to develop newer, stronger methods of encryption. At that time, the NSA had a trusted role in the community-wide effort to strengthen, not weaken, encryption," it said in a statement Sunday.

Hypponen said RSA had not denied receiving $10 million from the NSA to use the random number generator. "You had kept on using the generator for years despite widespread speculation that NSA had backdoored it," he wrote.

The researcher said he didn't expect EMC or the conference to suffer as a result of the alleged deals with the NSA. Nor did he expect other conference speakers to cancel. Most of the speakers at the conference are American so why would they care about surveillance that's not targeted at them but at non-Americans, Hypponen wrote. Surveillance operations by U.S. intelligence agencies are targeted at foreigners, he added.

"However I'm a foreigner. And I'm withdrawing my support from your event," the Finnish researcher wrote. He had earlier tweeted that "If the Reuters story is true, I - for one - will be cancelling my invited talk and my panel participation in the upcoming RSA Conference."

The RSA conference runs from Feb 24 to 28. Among the keynote speakers and other speakers, listed on the website for the conference, are executives from Microsoft, Juniper Networks, Cisco, McAfee, Symantec and Hewlett-Packard. Hypponen was to speak on "Governments as Malware Authors" at the conference. The researcher said he had spoken eight times at RSA conferences in the U.S., Europe and Japan. "You've even featured my picture on the walls of your conference walls among the 'industry experts,'" he wrote in the letter.

EMC could not be immediately reached for comment on Hypponen's decision.

John Ribeiro covers outsourcing and general technology breaking news from India for The IDG News Service. Follow John on Twitter at @Johnribeiro. John's e-mail address is john_ribeiro@idg.com


Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags National Security Agencysecuritygovernmentemcrsa

Featured

Slideshows

Sizing up the NZ security spectrum - Where's the channel sweet spot?

Sizing up the NZ security spectrum - Where's the channel sweet spot?

From new extortion schemes, outside threats and rising cyber attacks, the art of securing the enterprise has seldom been so complex or challenging. With distance no longer a viable defence, Kiwi businesses are fighting to stay ahead of the security curve. In total, 28 per cent of local businesses faced a cyber attack last year, with the number in New Zealand set to rise in 2017. Yet amidst the sensationalism, media headlines and ongoing high profile breaches, confusion floods the channel, as partners seek strategic methods to combat rising sophistication from attackers. In sizing up the security spectrum, this Reseller News roundtable - in association with F5 Networks, Kaspersky Lab, Tech Data, Sophos and SonicWall - assessed where the channel sweet spot is within the New Zealand channel. Photos by Maria Stefina.

Sizing up the NZ security spectrum - Where's the channel sweet spot?
Kiwi channel comes together for another round of After Hours

Kiwi channel comes together for another round of After Hours

The channel came together for another round of After Hours, with a bumper crowd of distributors, vendors and partners descending on The Jefferson in Auckland. Photos by Maria Stefina.​

Kiwi channel comes together for another round of After Hours
Consegna comes to town with AWS cloud offerings launch in Auckland

Consegna comes to town with AWS cloud offerings launch in Auckland

Emerging start-up Consegna has officially launched its cloud offerings in the New Zealand market, through a kick-off event held at Seafarers Building in Auckland.​ Founded in June 2016, the Auckland-based business is backed by AWS and supported by a global team of cloud specialists, leveraging global managed services partnerships with Rackspace locally.

Consegna comes to town with AWS cloud offerings launch in Auckland
Show Comments