Security quotes of the week

Key signing events are boring.

People often say to me "well, don't you know why this is happening to you?" and I reply that while we may all speculate, I have been refused official answers. The little official correspondence I received said it was probably a mistake. It took months and they assure me that things will be better someday, probably. I've been detained multiple times since that letter, both in the U.S. and abroad. The DHS won't share a copy of my files with me or my lawyers. It says that I have no right to know what is in them.

The redress letter suggests that even though nothing is wrong, I'll still be selected for "random" screenings. Consider what they tell us of safety and justice, and ask yourself: is it possible that a system full of such obvious and casual dishonesty will provide it?

Security experts have said that RSA wasn't the only corporation victimized in the attack, and that dozens of other multinational companies were infiltrated using many of the same tools and Internet infrastructure. But so far, no one has been willing to talk publicly about which other companies may have been hit. Today's post features a never-before-published list of those victim organizations. The information suggests that more than 760 other organizations had networks that were compromised with some of the same resources used to hit RSA. Almost 20 percent of the current Fortune 100 companies are on this list.