SECURITYWEEK NETWORK:

ICS:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

Security Researcher Backs Out of RSA Conference Talk After NSA Controversy

F-Secure Chief Research Officer Mikko Hypponen said he is cancelling his talk at the upcoming RSA security conference in February due to reports RSA received money from the NSA several years ago to use a flawed algorithm in RSA’s BSAFE encryption product.

F-Secure Chief Research Officer Mikko Hypponen said he is cancelling his talk at the upcoming RSA security conference in February due to reports RSA received money from the NSA several years ago to use a flawed algorithm in RSA’s BSAFE encryption product.

The allegation against RSA, now a division of EMC, surfaced last week in a report by Reuters that said the company took $10 million from the security agency to make sure the Dual Elliptic Curve Deterministic Random Bit Generator (Dual EC DRBG) was used by default in BSAFE. The algorithm was found to be flawed as early as 2006. However, the company kept using it by default until September, when the National Institute of Standards and Technology (NIST) advised organizations to stop using it.

In a letter to EMC CEO Joseph M. Tucci and Art Coviello, executive chairman of RSA, Hyponnen said he was backing out of his talk, which ironically was called ‘Governments as Malware Authors.’

“I don’t really expect your multibillion dollar company or your multimillion dollar conference to suffer as a result of your deals with the NSA,” Hypponen wrote. “In fact, I’m not expecting other conference speakers to cancel. Most of your speakers are American anyway – why would they care about surveillance that’s not targeted at them but at non-Americans. Surveillance operations from the US intelligence agencies are targeted at foreigners. However I’m a foreigner. And I’m withdrawing my support from your event.”

RSA said it had no comment on the matter when contacted by SecurityWeek. However, the company did issue a statement recently saying it had never engaged in any contract or project with the intent of weakening their own products or introducing backdoors for the NSA to use.

“We made the decision to use Dual EC DRBG as the default in BSAFE toolkits in 2004, in the context of an industry-wide effort to develop newer, stronger methods of encryption,” according to the company’s statement. “At that time, the NSA had a trusted role in the community-wide effort to strengthen, not weaken, encryption.”

The RSA conference runs from Feb 24 to 28 and will be held in San Francisco.

Written By

Marketing professional with a background in journalism and a focus on IT security.

More from

Latest News

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Virtual Event: Threat Detection and Incident Response Summit
May 21, 2025

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Register

Webinar: Which Security Testing Approach is Right for You?
March 25, 2025

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Register

People on the Move

After the passing of Amit Yoran, Tenable has appointed Steve Vintz and Mark Thurmond as co-CEOs.

Former Wiz executive Trish Cagliostro has joined Orchid Security as Chief Revenue Officer.

Transcend has named former UnitedHealth Group CISO Aimee Cardwell as CISO in Residence.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.