RSA takes one for the team, but which team?

Edward Snowden says (according to Reuters) that RSA Security accepted $10 million from the National Security Agency in exchange for installing (or allowing to have installed) a secret backdoor so the NSA could decrypt messages as it pleased. Hell no, says RSA (a division of storage vendor EMC), stating in very strong terms that this was not at all the case. But then, in a second-day look at the RSA/EMC statement, bloggers began to see the company as dissembling, their firm defense as really more of a non-denial denial. So what’s the truth here and what’s the lesson?

For the truth I reached deep into the bowels of elliptic […]

The enemy of my enemy

Nortel Networks, the bankrupt Canadian telecom company, came that much closer to disappearing completely yesterday with the cash sale of its portfolio of 6000 patents for $4.5 billion to a consortium of companies including Apple, EMC, Ericsson, Microsoft, Research In Motion (RIM), and Sony. The bidding, which began with a $900 million offer from Google, went far higher than most observers expected and only ended, I’m guessing, when Google realized that Apple and its partners had deeper pockets and would have paid anything to win. This transaction is a huge blow to Google’s Android platform, which was precisely the consortium’s goal.

Google is the youngest of these companies and has probably the smallest patent portfolio, most […]

July 1st, 2011 | 216 Comments

When Engineers Lie

Twenty years ago, when I was writing Accidental Empires, my book about the PC industry, I included near the beginning a little rant about how good engineers were incapable of lying, because their work relied on Terminal A being positive and not negative and if they lied about such things then nothing would ever work. That was before I learned much about data security, where apparently lying is part of the game. Well, based on recent events at RSA, Lockheed Martin, and other places, I think lying should not be part of the game.

Was there a break-in? Was data stolen? Was there an unencrypted database of SecurID seeds and serial numbers? All we […]

June 9th, 2011 | 119 Comments

InsecureID: No more secrets?

Update — Though I chose to keep secret the identity of the defense contractor to limit the damage, it was subsequently revealed by Reuters to be Lockheed-Martin. There was one additional detail presented at the end of a story in Saturday’s New York Times.

Back in March I heard from an old friend whose job it is to protect his company’s network from attack. “Any word on just what was compromised at RSA?” he asked, referring to how the RSA Data Security division of EMC had been hacked. “I suspect it was no more than a serial number, a seed, and possibly the key generation time. The algorithm has been known for years […]

May 25th, 2011 | 137 Comments