Weekly security review: RSA lashes out over bribe allegations, mobile security takes spotlight
RSA, EMC’s security division, was recently dragged into the NSA scandal by a Reuters reporter accusing it of accepting a $10 million bribe from the spy agency to insert a vulnerability into the Dual Elliptic Curve Deterministic Random Bit Generator, or Dual EC DRBG, a widely used cipher implemented by companies worldwide.
If the story is to be believed, the encryption stalwart – which in the 1990s opposed a plan to equip computers with chips that would allow the US government to spy on users – purposely packaged an NSA-developed backdoor into the cipher, which is distributed with its BSafe software. RSA categorically denies the charges.
“We made the decision to use Dual EC DRBG as the default in BSAFE toolkits in 2004, in the context of an industry-wide effort to develop newer, stronger methods of encryption. At that time, the NSA had a trusted role in the community-wide effort to strengthen, not weaken, encryption,” the company said.
Samsung has been doing some denying of its own over in the mobile space after researchers discovered a major flaw in its Knox security software, which comes preinstalled with a number of Android devices.
The technology separates personal and professional data to let users bring their own devices to work without compromising their privacy or introducing additional risk to the corporate network. The container which holds company data encrypts information both both at-rest and in motion, but it turns out these measures can be easily bypassed by a malicious application installed in the regular, non-secure area of the phone. Despite calls to issue a fix for the vulnerability, Samsung insists that “the core Knox architecture cannot be compromised or infiltrated by such malware.”
A message from John Furrier, co-founder of SiliconANGLE:
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
