Bruce Schneier writes in “Did NSA Put a Secret Backdoor in New Encryption Standard?”:
But today there's an even bigger stink brewing around Dual_EC_DRBG. In an informal presentation (.pdf) at the CRYPTO 2007 conference in August, Dan Shumow and Niels Ferguson showed that the algorithm contains a weakness that can only be described a backdoor.
The problem behind cryptographic algorithms is: Can you really trust the inventors of cryptographic mechanisms? Should we only trust cryptographic mechanisms with a long history of scientific discourse? Can you trust cryptographic mechanisms from organisations with the job to know what other people transmit?