Ross Anderson is one of the world's top cryptographers. The British academic and practitioner was honored by having his classic, Security Engineering, inducted into The Cybersecurity Canon; however, he was not able to attend the awards gala himself because the US government sat on his visa application for months and ultimately did not grant it in time.
RSA has animated an excerpt of producer John Lloyd's excellent General Ignorance speech.
I linked to the seven-hour video file from Trustycon, the convention held as an alternative to RSA's annual security event, inspired by the revelation that RSA took money from the NSA to sabotage its own products.
Now Al has broken down the video into the individual talks, uploading them to YouTube. This is very handy -- thanks, Al!
TrustyCon Videos Available
(Thanks, Al!)
Several high-profile speakers have bailed on RSA's annual security conference over the revelation that the company sabotaged its products at the behest of the NSA. There's even a petition to get Stephen Colbert to cancel his keynote.
Now, there's an alternative conference that will run at the Metreon down the street from RSA's show. It's called Trustycon, and will feature Mikko Hypponen, Chris Palmer, and others. The conference is being run by EFF and Defcon, with sponsorship from Cloudflare and Microsoft.
Ever since RSA got caught sabotaging its own products to aid the NSA for a piddling $10M, it's been corporation-non-grata in the security world. Prominent experts are bailing on the RSA conference where they'd been scheduled to speak. Now, a Fight for the Future petition is asking Stephen Colbert to walk away from his guest speaker slot. I hope he does -- Colbert's reputation is worth more than the fee he commands from RSA.
On Christmas Day, F-Secure's Mikko Hypponen pulled out of RSA's annual security conference in protest over RSA's collaboration with the NSA (they weakened their own security to make NSA spying easier). He's not the only one: more security experts cancelled their RSA appearances, including Atredis's Josh Thomas and Jeffrey Carr, who has called for a boycott of the event.
Today, Ars Technica reports on RSA's statement issued Sunday, denying-but-not-actually-denying Friday's Reuters exclusive that the security software firm received $10 million from the NSA "in exchange for making a weak algorithm the preferred one in its BSAFE toolkit." [Ars Technica]
The foundation of Web security rests on the notion that two very large prime numbers, numbers divisible only by themselves and 1, once multiplied together are irreducibly difficult to tease back apart. Researchers have discovered, in some cases, that a lack of entropy—a lack of disorder in the selection of prime numbers—means by analogy that most buildings on the Web would stand in spite of gale winds and magnitude 10 earthquakes, while others can be pushed over with a finger or a breath. The weakness affects as many as 4 in 1,000 publicly available secured Web servers, but it appears in practice that few to no popular Web sites are at risk.