WATCH: RSA short "What Do We Need To Know?"


RSA has animated an excerpt of producer John Lloyd's excellent General Ignorance speech.

Videos of individual Trustycon talks

I linked to the seven-hour video file from Trustycon, the convention held as an alternative to RSA's annual security event, inspired by the revelation that RSA took money from the NSA to sabotage its own products.

Now Al has broken down the video into the individual talks, uploading them to Youtube. This is very handy -- thanks, Al!

TrustyCon Videos Available (Thanks, Al!)

Boycott RSA, attend Trustycon instead!

Several high-profile speakers have bailed on RSA's annual security conference over the revelation that the company sabotaged its products at the behest of the NSA. There's even a petition to get Stephen Colbert to cancel his keynote.

Now, there's an alternative conference that will run at the Metreon down the street from RSA's show. It's called Trustycon, and will feature Mikko Hypponen, Chris Palmer, and others. The conference is being run by EFF and Defcon, with sponsorship from Cloudflare and Microsoft.

Petition: Stephen Colbert, don't speak at the RSA conference

Ever since RSA got caught sabotaging its own products to aid the NSA for a piddling $10M, it's been corporation-non-grata in the security world. Prominent experts are bailing on the RSA conference where they'd been scheduled to speak. Now, a Fight for the Future petition is asking Stephen Colbert to walk away from his guest speaker slot. I hope he does -- Colbert's reputation is worth more than the fee he commands from RSA.

More experts pull out of RSA conference

On Christmas Day, F-Secure's Mikko Hypponen pulled out of RSA's annual security conference in protest over RSA's collaboration with the NSA (they weakened their own security to make NSA spying easier). He's not the only one: more security experts cancelled their RSA appearances, including Atredis's Josh Thomas and Jeffrey Carr, who has called for a boycott of the event.

Security firm RSA issues lame non-denial of Reuters' report on NSA deal

Today, Ars Technica reports on RSA's statement issued Sunday, denying-but-not-actually-denying Friday's Reuters exclusive that the security software firm received $10 million from the NSA "in exchange for making a weak algorithm the preferred one in its BSAFE toolkit." [Ars Technica]

Prime Suspect, or Random Acts of Keyness

The foundation of Web security rests on the notion that two very large prime numbers, numbers divisible only by themselves and 1, once multiplied together are irreducibly difficult to tease back apart. Researchers have discovered, in some cases, that a lack of entropy—a lack of disorder in the selection of prime numbers—means by analogy that most buildings on the Web would stand in spite of gale winds and magnitude 10 earthquakes, while others can be pushed over with a finger or a breath. The weakness affects as many as 4 in 1,000 publicly available secured Web servers, but it appears in practice that few to no popular Web sites are at risk.
