RSA and Microsoft in Damage-Control Mode

Couldn't find an English source so… German:

At the RSA Conference 2014, the RSA boss said that they indeed worked with the NSA and that they did weaken the Dual_EC_DRBG algorithm because the NSA was their biggest client and asked for it. They essentially say that this is completely fine because they just do what they are told to do by their client.

They also said that they have to work with the NSA because of the Information Assurance Directorate and that every other US company has to do the same. Then some more pretty talk about how this is all about the defense of the country.

Nothing new, just confirmations and another reason why you simply can NOT trust ANY US-based company.

And then there was Microsoft. They still deny that they have any backdoor in their code, talk about the registry key NSAkey, and ask the rhetorical question "Do you really think that we hide a secret backdoor in our code and then call the thing NSAkey?". The sentence is full of shit (e.g. he specifically said a "secret" backdoor, which doesn't include obvious backdoors), and asking this as a rhetorical question implies the answer "No!", but it's certainly not that clear and there is no obvious answer to it.

Also nothing new, just Microsoft being Microsoft. There is no reason to trust them at all (friendly reminder, they were one of the first companies in the PRISM program; no source code; no reproducible builds; automatic updates; Trusted Computing; ...).

I appreciate you posting this article; spreading knowledge about these things is a very good thing.

As far as I am concerned, this is not news to me. I have already decided that any piece of software that doesn't have its source code publicly available is very likely to have a backdoor or spyware functionality built in. Why? Because this has been shown to be very profitable (hello Google!), and there's almost no way for a user to find out since nobody has access to the source code.

It's just sad to see so many people here using Windows. It's like they don't give a fuck.

It's exactly like that, people just don't care about their rights. They have never been taught the value of privacy as one of the principles on which freedom is based.

RSA publicly justifying the backdoor in their software by saying that the NSA can ask, and get, backdoors in their software because they are their client? By that logic, anyone can pay a software company to install backdoors for their use. This is outright offensive to anyone with a shred of common sense, RSA should be shot, hanged and then shot again for good measure.

Microsoft denying that there is an NSA backdoor in Windows? Laughably pathetic.