Risk
1/13/2014
01:46 PM
Connect Directly
RSS
E-Mail
50%
50%
Repost This

9 Security Experts Boycott RSA Conference

Several leading security experts have pulled out of the RSA conference over unanswered questions concerning the NSA's $10 million payment to RSA

Why did security firm RSA accept $10 million from the National Security Agency in 2004?

RSA Conference 2014
Click here for more articles about the RSA Conference.

That unanswered question is behind the decision by at least nine leading information security and privacy experts to boycott next month's RSA Conference in San Francisco.

Contacted via email, a spokesman for EMC -- which purchased RSA in 2006 -- declined to offer further details about the nature of the NSA's $10 million payment to RSA, and declined to comment on conference speakers' threatened boycott of the RSA conference, which is owned by EMC but independently run. (Full disclosure: InformationWeek's parent company, UBM LLC, owns the Black Hat security conferences.) RSA conference program committee chairman Hugh Thompson -- who is CTO of Blue Coat and not an RSA employee -- didn't immediately respond to an emailed request for reaction to the threatened boycott.

Read the full article here.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Latest Comment: LOL.
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2011-3154
Published: 2014-04-17
DistUpgrade/DistUpgradeViewKDE.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 does not properly create temporary files, which allows local users to obtain the XAUTHORITY file conte...

CVE-2013-2143
Published: 2014-04-17
The users controller in Katello 1.5.0-14 and earlier, and Red Hat Satellite, does not check authorization for the update_roles action, which allows remote authenticated users to gain privileges by setting a user account to an administrator account.

CVE-2014-0036
Published: 2014-04-17
The rbovirt gem before 0.0.24 for Ruby uses the rest-client gem with SSL verification disabled, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors.

CVE-2014-0054
Published: 2014-04-17
The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External ...

CVE-2014-0071
Published: 2014-04-17
PackStack in Red Hat OpenStack 4.0 does not enforce the default security groups when deployed to Neutron, which allows remote attackers to bypass intended access restrictions and make unauthorized connections.

Best of the Web