Friday 17 January 2014

UPDATE 1-Experts protesting NSA deal boycott largest US security gathering - Reuters

Fri Jan 17, 2014 11:21pm IST

  By Joseph Menn      SAN FRANCISCO, Jan 17 (Reuters) - Several prominent computer  security experts have canceled appearances at the largest annual  U.S conference on security technology and are instead switching  to a rival gathering, as discord grows over U.S. intelligence  practices.      Nine security experts have ditched coveted speaking slots at  the annual RSA Conference, to be held next month in San  Francisco, in protest over the conference owner's dealings with  the National Security Agency.      Instead, they will speak at the new and smaller 'TrustyCon'  gathering to be held in the same city during the RSA event,  billed as the first 'Trustworthy Technology Conference.' Backers  include Def Con, which holds a major hacking conference each  year in Las Vegas and the nonprofit Electronic Frontier  Foundation.      Reuters reported last month that RSA Security, now a  division of data storage maker EMC Corp, incorporated a  flawed cryptography formula in a widely-used software tool under  a $10-mil federal contract. The NSA-developed formula is now  believed to have been breakable by the agency, though people  familiar with the RSA arrangement told Reuters that executives  had not realized that at the time.       "I don't think it's wrong for companies to work with the  government. What's important is being trustworthy and honest  with customers," said Alex Stamos. Stamos is involved in the  setting up of TrustyCon. "The most charitable reading is that  RSA failed to see the danger and didn't warn the customers."      RSA continued to use the NSA formula for years despite  cryptography experts calling it suspicious, recommending its  removal only when reports based on NSA documents leaked by  former U.S. spy agency contractor, Edward Snowden prompted a  federal standards body to drop its endorsement of the  technology.      RSA said in December that it never knowingly compromised  products and that a decade ago the NSA had been seen as a  helpful partner in developing security tools.      But Def Con founder, Jeff Moss said RSA "seemed to lack a  genuine interest in engaging with its customers" about what it  had done and why, as well as what it had learned.      The RSA's executive chairman, Art Coviello, is scheduled to  give one of the keynote speeches at the RSA event.      "It is not unusual for small events to happen alongside that  aim to leverage the momentum and publicity of the RSA  Conference, which is a good sign of a thriving industry event,"  the conference's organizers said in a statement on Friday,  referring to the rival gathering.      "We've always embraced these activities and the open,  healthy dialogue that springs from them."        DISAPPOINTMENT      Owned by RSA parent EMC, the RSA Conference depends on  outside advisors to select topics. The program committee chair  this year is Hugh Thompson, chief security strategist at Blue  Coat Systems Inc.      In an interview, Thompson said that while he was  disappointed that some speakers had canceled, there would still  be a great deal of discussion about Snowden's revelations and  the roles played by RSA and its peers.      "There are a lot of questions that have been raised about  the security infrastructure and how it works, and I do think  it's going to lead to a very healthy debate," Thompson said.  "This is a topic that is definitely going to be discussed."      More than 500 speakers will speak at the RSA Conference,  which organizers expect to attract more than last year's record  24,000 attendees.      Among those withdrawing from the RSA Conference include  Mikko Hypponen, chief research officer at Finland-based security  company F-Secure, two researchers from Google Inc  , and Jeffrey Carr, a consultant who runs his own  conferences on cyber intelligence-gathering and defense.      Some said the RSA deal struck such a nerve because it is the  first security company to be identified as having a contractual  relationship with the NSA that ultimately weakened security.  Others have slammed the conference withdrawals, citing many  companies and different countries are guilty of similar,  unreported behavior.      Hypponen, Moss, and RSA critics from the Electronic Frontier  Foundation and American Civil Liberties Union will be among the  TrustyCon presenters, Stamos said. Hypponen's speech will cover  malicious software created by governments.  



via Technology - Google News http://ift.tt/1kHzx79

IFTTT

Put the internet to work for you.

via Personal Recipe 2598265

0 comments:

Post a Comment