F-Secure's Mikko Hypponen Cancels RSA Talk In Protest 248
An anonymous reader writes "In a letter to RSA executives, F-Secure's Mikko Hypponen says he is canceling his talk at the 2014 RSA Conference, due to the company's deal with the NSA, and how the agency has treated foreigners."
From the letter: "
I don’t really expect your multibillion dollar company or your multimillion dollar conference to suffer as a result of your deals with the NSA. In fact, I'm not expecting other conference speakers to cancel. Most of your speakers are american anyway — why would they care about surveillance that’s not targeted at them but at non-americans. Surveillance operations from the U.S. intelligence agencies are targeted at foreigners. However I’m a foreigner. And I’m withdrawing my support from your event."
I support Mr. Mikko Hyppone (Score:5, Insightful)
As an American, I am giving my moral support to Mr. Hyppone for his courage to speak up against the unspeakable and despicable things that NSA has done !
Re: (Score:3)
Also AS AN AMERICAN i give a big "here-here " for Mr. Hyppone
more people INCLUDING us citizens should do this !!!!!
Re:I support Mr. Mikko Hyppone (Score:4, Funny)
Re: (Score:2)
Re: (Score:2)
Except that in US two party system you cannot go out and vote for a cause like this, unless it's made an election center topic. In a political system that accomodates smaller parties and relies on political coalitions, its possible.
US however cannot escape the two party system as its basically mathematical emergent property of the voting system winner-take-all setup. If things were changed to range voting for example, you COULD vote for a cause like this.
Re: (Score:2, Insightful)
Americans don't have that key on our keyboards.
Re:I support Mr. Mikko Hyppone (Score:5, Funny)
Sö whät?
Re:I support Mr. Mikko Hyppone (Score:4, Funny)
Re: (Score:2)
Americans don't have that key on our keyboards.
http://copypastecharacter.com/
Re: (Score:3)
Or do what everyone does, which is use the closest equivalent on the keyboard.
Re: (Score:3)
Re: (Score:2)
I'm sure there's some FOSS out there that does the same thing too.
Linux has the compose key [fsymbols.com]; I set mine to CapsLock. Best use for the blasted key I can think of — though I'm obviously still too lazy to compose-key my apostrophe into a proper curly one 99% of the time...
Re: (Score:2)
Re:I support Mr. Mikko Hyppone (Score:5, Interesting)
But beware, if you do that you might end up typing something stupid or embarrassing.
Consider: "Feliz año nuevo" - it means "Happy new year". The ñ isn't merely an accented character, it's a letter in its own right, and choosing the letter "n" instead seems innocent enough, but "Feliz ano nuevo" means "happy new anus".
Re:I support Mr. Mikko Hyppone (Score:4, Informative)
Just type alt-u, then o ö.
Re:I support Mr. Mikko Hyppone (Score:5, Funny)
Fuck, why does my browser have a menu item "utilities | open goatse"???
Re: (Score:3)
Re: (Score:2)
Did slashcode just start supporting uncode?
Re: (Score:2)
Not necessary. They're part of the extended ASCII code (the symbols past 0x80).
Re: (Score:3)
....of course he didn't just type them on his kb.. (Score:2)
you know what's really funny then? if I just type the letters on my nordic keyboard... WANNA GUESS DO THEY WORK? FUCK NO! FUCKNO! this is what comes out after pressing submit: ÃÃÃÃÃÃÃÃÃÃÃ
Re: (Score:2)
There's some dirt on top of one of your o's. You should shake the crumbs out of your keyboard.
Re:I support Mr. Mikko Hyppone (Score:5, Funny)
Re: (Score:2)
Re:I support Mr. Mikko Hyppone (Score:5, Insightful)
No... it's not normal. Governments spy on governments generally, not on citizens.
If you consider it normal for the NSA to spy on EU citizens, then you must consider it normal for GCHQ, MI6, and all the other European agencies to spy on US citizens. Most of the western agencies share a lot of their intelligence, so most of the stuff MI6 knows about you goes straight back to the NSA and other agencies anyway, without them having to spy on you.
Do you consider it normal and acceptable for European agencies to be spying on American citizens? Really?
Re: (Score:2)
then you must consider it normal for GCHQ, MI6, and all the other European agencies to spy on US citizens.
I mean, I feel like youd be naieve to assume they dont try, and its absurd to get mad at them for doing what spies do. You can not like it, but its the reality.
The difference is that GCHQ / MI6 / whoever isnt beholden to me. The US government and its branches are.
Re: (Score:2)
This is an outstanding question and one I'd love to hear Americans answer.
No... it's not normal...
Do you consider it normal and acceptable for European agencies to be spying on American citizens? Really?
Re:I support Mr. Mikko Hyppone (Score:4, Insightful)
Spying on citizens of other countries is normal.
What's normal or not normal is irrelevant to me.
ALL countries do it, throughout history.
Even if true, that's utterly irrelevant.
Having the NSA spy on Americans is what citizens of the USA should be protesting.
I'm protesting both.
Re: (Score:2)
The NSA doesnt report to non-US citizens. Thats the difference.
Re: (Score:2)
Pretty sure those guys dont work at RSA anymore. Im also pretty sure Ron Rivest was just assisting Newegg's defense against patent trolls within the past month, so perhaps lighten up on the "hope he dies" rhetoric.
Americans not targeted? (Score:5, Insightful)
Hypponnen needs better news sources.
Re: (Score:2)
As an american... (Score:5, Insightful)
As an american, I don't believe for one second that it's not targeted at us, too. Mr. Hypponen has my support, as well.
Mikko says "time to act" (Score:4, Informative)
As an American (Score:5, Insightful)
Re:As an American (Score:4, Insightful)
Exactly. I keep hearing Europeans going on and on about how we (Americans) are "totally fine with it." It's utter bullshit. There's a difference between liking something and being unable to stop it. The reasoning behind this is that since Americans aren't rioting, apparently we're in full support of it (or something like that; it is never made clear). Strangely enough, I don't see anything like that happening in any other country, either, yet your governments are all doing the same thing as ours.
It is important to remember that we're all in this together. It is a world problem, not a US problem. It just so happens that the story broke in the US and a major player has been held to light.
I promise you, we Americans support you withdrawing from dealing with the criminals and their friends.
Re: (Score:2, Insightful)
The reasoning behind this is that since Americans aren't rioting
Why are you not rioting then? The image that you are just sitting on your asses and doing nothing is not completely unfounded.
It is important to remember that we're all in this together. It is a world problem, not a US problem.
Maybe, but the scale and depth of the NSA surveillance projects are way beyond anything else on this planet. You clearly are the biggest offender.
Re:As an American (Score:5, Funny)
Re:As an American (Score:5, Insightful)
"Why are you not rioting then?" - several riots were attempted to be formed, but the NSA learned about them through their surveillance programs, and blew up the areas in question with drones, declaring them terrorist attacks. They then used their control over the internet to squash all news about it.
Who would mod this "funny"?? It should be "insightful".
Re:As an American (Score:5, Insightful)
Why are you not rioting then? The image that you are just sitting on your asses and doing nothing is not completely unfounded.
For the same reason you aren't. Did you even read what I wrote? Every country is up to the exact same thing. We've got Canada, UK, and others that are making absolutely no push to stop their country's wrong-doings. We've got France that is openly jealous of the NSA and says they want to increase their own amount of surveillance. Then we have the US, where we are slowly making legal process and trying to get this shit shut down in a non-violent matter. And yet, it is non-Americans complaining that we aren't doing anything?
Seriously. Explain that.
Re:As an American (Score:5, Insightful)
The UK is a major offender with GCHQ, but our government has been shamingly successful in closing down debate on the issue compared with what's happening in the US. The main response from our wonderful government has been to threaten the Guardian. This in a country where (happily) you still don't risk life and limb by opposing the government. The sad fact is that people here don't care about their freedom as much as Americans do.
As I often point out to the pretty numerous people I meet who object to some new lunacy in American politics - you may complain about this, but whatever you think about [whatever], be sure there are Americans who care just as much about [whatever] and are actually trying to do something about it.
Re: (Score:2)
lol.. You seriously expect people to rise up in public against the Schutzstaffel or Komitet gosudarstvennoy bezopasnosti and protest them? I mean seriously, you just found out that the government is spying on the citizens and say it is bad because the government can construe it any way they like to damage someone's reputation, jail them, ruin their good name, or any number of other
Re: (Score:3)
You seriously expect people to rise up in public against the Schutzstaffel or Komitet gosudarstvennoy bezopasnosti and protest them?
before I order all that, I need to know how much those cost and whether they go better with white or red wine.
Re: (Score:3)
Rioting? Really? That's going to help?
See, in the USA, unlike most of the world, we have this concept of "rule of law". It's a little slower than rioting, but it generally produces better results.
Re: (Score:3)
lol (Score:2, Insightful)
Dude... seriously? You think the rule of law is going to have any impact on this situation? Admit it... we are all cowards
Re: (Score:2)
Re: (Score:2)
What do you do when the law no longer applies to the government or its agencies? Unfortunately you have allowed things to get to the point where storming NSA headquarters is looking more and more like a necessary step to getting your rights back.
I hope that we can fix the internet and stop the spying, but with new tech arriving all the timeI think the only long term solution is to get rid of the criminals doing it.
Re: (Score:2)
See, in the USA, unlike most of the world, we have this concept of "rule of law".
Dude, you need to wake the fuck up. That country no longer exists.
Re: (Score:2)
Why are you not rioting then?
What're you stupid? That would be playing right into their hands. "We need more surveillance to stop the subversive terrorist inciting these riots." It would give them more ammunition to further usurp the constitution.
Re:As an American (Score:4, Insightful)
Protests and even riots do happen. But you don't think your news media would cover them, do you?
Our media learned that they don't even have to lie to skew our view on the world. They just have to select the things they report about carefully. Tell me: How much, and what, have you heard about the protests that border on riots in the Ukraine?
Re: (Score:3)
Tell me: How much, and what, have you heard about the protests that border on riots in the Ukraine?
I tried getting close, but those ukraine girls really knocked me out.
Re: (Score:2)
Strangely enough, I don't see anything like that happening in any other country, either, yet your governments are all doing the same thing as ours.
No they aren't - we make sure that our elected officials are neither so smart, nor so well funded, as yours are.
Re: (Score:2)
That's Funny... (Score:2)
Unfortunately the NSA Gathers Data on EVERYONE (Score:5, Informative)
Re: (Score:2, Insightful)
A secret court in a "free" country is fucking scary.
Re: (Score:2)
lol @ "under this program". because there are no other progams. none.
Re: (Score:2)
lol @ "under this program"
Hey, those are all based on direct quotes from our illustrious leaders.
And I forgot to add that even in cases where they do "monitor" the data by actually intentionally looking at it they only look at data for 3 degrees of separation from the target. Never mind that it almost certainly includes literally tens of thousands of people when you consider that the target called to order pizza or the cable company or something.
Re: (Score:2)
That would be fine, right?
If you're asking me that you might want to consider a sarcasm meter adjustment.
RSA and American software (Score:5, Insightful)
The bottom line is that the world is no longer confident about software written in the US, and will seek alternatives sourced from Europe, Russia, China and elsewhere to regain the security and privacy which they believe they have lost.
The NSA will be directly responsible for a shift away from US standards, US software and US protocols ... because without confidence, those standards, software and protocols don't mean a damn thing. RSA, by simply going along with the NSA has damaged its brand name, possibly irreparably.
Re:RSA and American software (Score:4, Insightful)
That's pretty much the main danger behind it: The US are going to be seen as worse than China when it comes to security.
China has a pretty bad rep in that department. Allegedly they pushed malware on some of the electronic gadgets they produce. Or ... did the US just tell us they do so we'd buy their stuff?
Now, it's pretty hard to get around China when you're buying electronics. Pretty much everything is built over there. OTOH, it's much easier to avoid US goods. Pretty much everything produced in the US is also produced in the EU at similar quality and price.
Re: (Score:2)
Re: (Score:2)
The bottom line is that the world is no longer confident about software written in the US, and will seek alternatives sourced from Europe, Russia, China and elsewhere to regain the security and privacy which they believe they have lost.
And that is sad, because there is no reason to trust Russia or China any more than any one else. Less, in fact.
If you have an email account in Russia or China you just naturally assume its fully monitored. By both sides.
What I do trust is open source, regardless of its country of origin. Much of this still comes from the US, Germany, India, etc, and even Russia.
And now we are forewarned. Fool us once, shame on you. Fool us twice, shame on us. What ever comes out of this will be better and stronger, and
Re: (Score:3, Interesting)
EOL on XP coiniciding with all these revelations and doubts will hopefully inspire the businesses and governments fo the world to turn their eyes to OSS. Of course there are those that can't or at least think they can't but can at least test, examine or add a few lines of code. How many of those that can have customers or partners tied to the same programs as them? How much can be run from XP images in virtual machines?
Some have already moved to OSS, some are in the process and some are just thinking about
Company Value? (Score:3, Interesting)
How did the stock market react? RSA's mother company is EMC, isn't it? There doesn't seem to be much of an effect, on the contrary, gaining half a percent today? Or am I looking at the wrong data?
Re: (Score:2)
Apparently the brokers assume (correctly, if you ask me) that managers don't have the foggiest clue what this entails and hence it won't affect sales.
Just you wait 'til one of those oh so important manager pulp magazines writes about it!
Re: (Score:3)
You mean the stock market that the NSA controls? If they receive beams of light, they can send them, scramble them, cause packet delays, etc. In a world of super low latency high frequency trades, PRISM rules.
Good (non) job (Score:5, Insightful)
Re: (Score:2)
CC: PJ@GrockLaw.net
Re: (Score:2)
s/rock/rok/
Re: (Score:2)
Re:Good (non) job (Score:4, Interesting)
Noam Chomsky noted in a lecture I heard him give a few years ago that it's only in America that people ask things like "... well, what can we do?" Everywhere else he lectures, he says people come up to him and tell him what they personally are doing to combat inequity and injustice.
If Americans can personalize the injustices and inequities they face, maybe they can begin to figure out what they can do to fight back. There certainly is no incentive for US government agencies and US corporate interests to do anything but they currently are.
Two Different Companies (Score:5, Informative)
As symbolic as this is, It's worth pointing out that the RSA Conference and RSA Security are two separate corporate entities (and I worked with both, producing RSA Security's own booth content at RSA Conference 2011). They do however, all funnel back up to EMC (y'know.. the world's largest storage systems corporation).
Say WHAT? (Score:2)
Mr. HyppÃnen hasn't been paying attention if he believes "surveillance thatâ(TM)s not targeted at them but at non-americans". That's the NSAs line, but the Snowden revelations have shown that to be pretty much a lie. They're willing to spy on Americans who are up to three hops from a target, and they're Hoovering up American's call records wholesale.
TED (Score:5, Informative)
Other countries would do the same (Score:4, Insightful)
I hate to be *that guy*, but everyone needs to understand two significant points:
1. After a couple month of watching the PRISM scandal unforld I now believe this is a "Hiroshima moment". Never before in human history was it possible to spy on everyone. To have a file on everyone. The secret services (the bad as well as the good) always had to focus on a select few. No more. We are living in 1984.
2. I firmly believe the main reason why other spy agencies are not doing what the NSA is doing is because of their limited capabilities. Both in less money and resources, but also in reach. Google, Facebook, Apple and Microsoft are US based. Many important internet exchanges as well. This point is especially important, because of the US tradition of transparency and whistleblowing. As American as the NSA may be, Snowden is even more so. I can't imagine a Chinese Snowden. And even if he existed, would they have a broad discussion on that subject in China? How about Russia? Or even the UK? GHCQ has been as bad as the NSA, yet do we see a broad and honest discussion about it in London?
I hate the constant and ubiquitous surveillance, but the technology advances were the ones that brought them here. The NSA were only the first and foremost ones that took advantage of the new tools. They become cheap fast. Soon every spy agency will have them. This is a very useful and helpful discussion we are having right now. Because we either need to encrypt everything and move everyone onto Tor, or get used to having a file on everyone. There is no "gentlemen's agreement" (no-spy-agreement, UN accord, whatever), because there is no way to enforce it.
Re:Guilty and impossible to prove innocent (Score:5, Informative)
RSA has categorically denied that they cut a deal with the NSA. But Mr. Hypponen and the rest of the internet has declared them guilty based on unseen evidence. How is that fair?
First, no one said that life was fair. Secondly, RSA didn't categorically deny anything. Go parse their statement carefully. They've denied a specific scenario with several criteria, that's it.
Re: (Score:2)
Re: (Score:2)
Not only that, but if we're to believe security researchers were daft enough to screw up their security systems without being force to... See, morons or compromised they can't be trusted either way now.
Re: (Score:3)
Secondly, RSA didn't categorically deny anything. Go parse their statement carefully. They've denied a specific scenario with several criteria, that's it.
The quote is right there on the RSA's site. [rsa.com].
and the first sentence says:
Recent press coverage has asserted that RSA entered into a “secret contract” with the NSA to incorporate a known flawed random number generator into its BSAFE encryption libraries. We categorically deny this allegation.
They rattle on about with a bunch of marginally relevant stuff, then follow up with:
RSA, as a security company, never divulges details of customer engagements, but we also categorically state that we have never entered into any contract or engaged in any project with the intention of weakening RSA’s products, or introducing potential ‘backdoors’ into our products for anyone’s use.
Two "categoricallys" within the half a page of text, and you missed both of them.
So right away, you are wrong. Clearly you didn't bother to read their statement at all.
The word categorically can never apply to a specific scenario [thefreedictionary.com].
Can they be innocent in all this. Its not inconceivable, they could have been duped by the NSA. But in that case they are i
Re:Guilty and impossible to prove innocent (Score:4, Informative)
Do they categorically deny taking a 10 million dollar payment from the NSA?
No. On that all they said was they "don't divulge details".
Do they categorically deny they incorporated Dual EC DRBG random number generator into its BSAFE encryption libraries?
No. They can't deny that. Because its clearly something they did in fact do.
Do they categorically deny they took 10 million dollars from the NSA to incorporate Dual EC DRBG into BSAFE?
Well... again.. no, not really. They categorically deny they ever intended to weaken products or incorporate known flaws.
Basically all they are categorically deny is that they KNEW what they were doing. Here's a decent article on it...
http://www.techdirt.com/articles/20131222/23532125671/rsas-denial-concerning-10-million-nsa-to-promote-broken-crypto-not-really-denial-all.shtml [techdirt.com]
Me, I havent' seen the documents alleging the connection bewtween 10M and setting Dual EC DRBG as default in BSAFE... and I would dearly like to see how much of a smoking gun it really is.
Re:Guilty and impossible to prove innocent (Score:5, Informative)
Not quite.
They denied a "secret contract" to incorporate a known flawed RNG into BSAFE.
They did NOT deny a secret contract to incorporate DRBG.
If they did not know, at the time they made the deal that the RNG was flawed, then they could truthfully claim they did not knowingly take money to incorporate a known flawed RNG.
The pedant in me would like them to categorically deny any link between the $10million and incorporating Dual EC DBRG.
They didn't actually do that.
Given just how much scrutiny they KNEW their statement would be put under; and the fact that their lawyers would have reviewed the thing before it going up, it is striking that so many news sources are identifying it as a dodge rather than a head o denial.
Here's another article...
http://www.theverge.com/2013/12/23/5237788/rsa-nsa-backdoor-non-denial [theverge.com]
Its hard to believe, again, given just how much scrutiny they KNEW their statement would be under, that the lack of certainty was anything but calculated.
Re: (Score:2)
the only accusation they categorically deny.. is that they knew that it was weaker. that's not much of a category but there you have it. the entire fucking thing is written so that you would walk away from it thinking they deny other things as well.
and well, apparently it worked, since you were so sure about it that you didn't even read the linked article.
again, the only category of things they deny is specifically _knowing_ that the rng was teh suck and that they knew it. it doesn't deny even that NSA knew
Re: (Score:3)
GP was speaking metaphorically. That have categorically denied some things that were not relevant, but they were not the things they were accused of. Did they get paid $10m by the NSA to use a poor cryptographic solution? Yes, they did, and neither of their categorical statements address this.
Re: (Score:2)
incorporate a known flawed random number generator into its BSAFE encryption libraries
that's the only thing they deny.
they deny that it was known to be flawed. if they admitted that they knew it was flawed, it wouldn't matter at all who paid for it's inclosure now would it??
Re: (Score:3)
If they got it with the help of or input from the NSA , and they take it at face value, they are either incompetent, or naive. So guilty, naive, or incompetent. Does it really matter? Goose cooked. Either way.
Re:Guilty and impossible to prove innocent (Score:5, Insightful)
You can expect that to become a trend. The NSA has well and truly fucked over the entire American IT security industry. Even ultra-low-end "security" products like home broadband routers have become suspect, thanks to their interference.
Fair? No. Obvious consequence of the NSA's actions? Absolutely. People haven't trusted them for decades - Anyone remember Tempest? Or the improved S-Boxes that made DES more resistant to an attack that wouldn't exist for another 25 years? But in the back of our minds, we always told ourselves they might count as completely scary bastards, but at least they counted as our completely scary bastards. Now we know better - They have zero regard for US law and work for no one but themselves.
On a positive note, I'd still rather see the TSA disbanded first. But at this point, they both need to go.
Then again, this just follows a loooong history of ineffective, illegal, self-serving "intelligence" agencies in the US, from Hoover's FBI to Bush-the-elder's CIA to our current situation, you'd think we'd eventually learn and say "no more". Sadly, most people don't even have a clue we have a problem, or worse, outright support giving up our freedoms if it will protect us from the evil brown people across the sea.
Pathetic, the whole lot of us.
Re: (Score:2)
You can expect that to become a trend. The NSA has well and truly fucked over the entire American IT security industry. Even ultra-low-end "security" products like home broadband routers have become suspect, thanks to their interference.
Much as I truely *loathe* the NSA crimes of late, I must stand in their defense on this one- at least with how you stated it. The security of *all* (low and high end) security products like home broadband routers was *extremely* suspect even before the Snowden revelations. The mere fact that the industry is allowed to operate like this (mobile phones that never get security updates are as bad or worse), is what clued people like me into the scope of what could be revealed by someone like Snowden. It's be
Re: (Score:2)
Well, the TSA is a nuisance. The NSA is a criminal organization.
Re: (Score:2)
From what I see, both are criminal organizations.
Re: (Score:2)
The TSA is incompetently criminal - incompetent at their job, and their job isn't per se bad, but it's unnecessary and so poorly-done as to be criminal.
The NSA is effective. They had secret courts set up just to rubber-stamp their authority and even then they couldn't stick to the loosely-written rules. They have near-complete monitoring of communications, and if they don't have their own wet-work outfit, they can get you thrown in Gitmo simply by claiming to have some evidence (I'm not even sure they need
Re: (Score:2)
As Ars explained [arstechnica.com], "RSA's defense seems to be that officials didn't know the NSA-influenced deterministic random bit generator had weaknesses that could be exploited to crack adversaries' cryptographic keys."
Whether bribery was involved or not, RSA used an algorithm without validating the math.
Re: (Score:3)
Please read the complete RSA press release and parse it carefully: https://blogs.rsa.com/news-media-2/rsa-response/ [rsa.com]
They don't deny that they entered into a deal. They deny that they entered into a deal "with the intention of weakening RSA’s products, or introducing potential ‘backdoors’ into our products". In other words, there was a deal, but they are insisting that they didn't realize at the time that the algorithm had a backdoor.
If there was no deal at all, they wouldn't have felt a ne
Re: (Score:2, Insightful)
You haven't done your research.
It has been known for years that the RSA pushed an unsecure algorithm by default, and suspected it was intended as a backdoor. What wasn't known was their motivation behind it. We recently have been given information that the NSA gave them money in exchange for their service. Sure, you can claim it was all made up, but everything else given to us by Snowdown to date has been accurate. Meanwhile, those that would be negatively impacted by these revelations (such as the NSA, the
Re: (Score:2)
The problem is that so many lies have been flying around in that whole shit that there is imply NOTHING anymore that anyone would believe the NSA or its cronies.
It's a bit like with the Soviet propaganda of the old times. After a while you simply knew that they are lying. You have caught them so many times that you wouldn't even believe them if they told you the sky was blue, if you can't verify their claim, it was safe to assume that it's a lie.
The NSA is about as bad.
Re:Guilty and impossible to prove innocent (Score:5, Informative)
RSA has categorically denied that they cut a deal with the NSA. But Mr. Hypponen and the rest of the internet has declared them guilty based on unseen evidence. How is that fair?
Oh no you didn't...
RSA was aware that the Elliptic Curve Deterministic Random Bit Generator (Dual EC DRBG) had been back doored since 2007,
http://yro.slashdot.org/story/13/12/23/0357228/rsa-flatly-denies-that-it-weakened-crypto-for-nsa-money?utm_source=rss1.0mainlinkanon&utm_medium=feed [slashdot.org]
They waited an ample 5 years before they warned that it shouldn't be used.
http://it.slashdot.org/story/13/09/21/2143250/rsa-warns-developers-not-to-use-rsa-products [slashdot.org]
I'm sure they just wanted to double check their findings first.
Re: (Score:2)
Make sure you tell them why.
Re: (Score:3)
I am dropping RSA as my SSO secuity system and prepping for another now.
I would have hoped ya'll would have got that hint in 2011 after a breach at RSA compromised their customers FOBs... better late than never.
Re: (Score:2)
Why the "or"? Considering the way they act and their goals, an "and" seems more appropriate.