[cryptography] Intel RNG

James A. Donald jamesd at echeque.com
Tue Jun 19 03:32:05 EDT 2012


On Jun 18, 2012, at 4:21 PM, Jon Callas wrote:
>>> Reviewers don't want a review published that shows they gave a pass on a crap system. Producing a crap product hurts business more than any thing in the world. Reviews are products. If a professional organization gives a pass on something that turned out to be bad, it can (and has) destroyed the organization.

On Jun 18, 2012, at 9:03 PM, Matthew Green wrote:
>> I would really love to hear some examples from the security world.
>>
>> I'm not being skeptical: I really would like to know if any professional security evaluation firm has suffered meaningful, lasting harm as a result of having approved a product that was later broken.
>>
>> I can think of several /counterexamples/, a few in particular from the satellite TV world. But not the reverse.
>>
>> Anyone?


On 2012-06-19 4:14 PM, Jon Callas wrote:
> The canonical example I was thinking of was Arthur Anderson, which doesn't meet your definition, I'm sure.

Arthur Andersen was shut down for excessively creative accounting, and 
if things had stopped there, all would have been fine.

Unfortunately, the shutdown of Arthur Andersen led to Sarbanes–Oxley, 
which appears to have either made excessively creative accounting 
mandatory, or or else given the remaining big four accountants a roadmap 
of how to do creative accounting and never have to say you are sorry 
when MF Global was stealing from its customers on your watch.

Sarbannes Oxley is best interpreted as the big accountants saying "Hey, 
we all doing what Arthur Anderson did, so it needs to be made legal, 
indeed mandatory.

MF Global stole shitloads of money, but because its theft was 
Sarbanes–Oxley compliant, there appear to be no consequences

In general, when the elite are caught lying, cheating, or stealing, the 
elite close ranks.  Similarly, climategate revealed climate scientists 
cooking their data, with total lack of consequences.  Now cooking your 
data to accord with the expectations of your peers is the new scientific 
method.



More information about the cryptography mailing list