Huh?
I'll break this issue down into three levels. First there's the compromised algorithm itself. The algorithm and source code for it is public. Anyone can trivially test that it's about a hundred times SLOWER than the alternative algorithms. It has zero redeeming features. And anyone with the slightest security knowledge can see that it was covered in huge red flags all over it (unexplained magic numbers pulled out of the algorithm-submitter's ass are a HUGE security no-no). It had squat track record of being vetted by the global security community for flaws. No one with the slightest security expertise would ever willingly use it, much less set it as a default algorithm.
Second, there's RSA's products. Anyone who bought it can check the configuration to see that the compromised algorithm is in there, and that it's set as the default. Anyone with an internet connection can do a search and check the product specs. I'll admit I haven't personally checked this detail, but it's beyond implausible that the story has run this long without anyone here posting a fact-check on it if it were false.
So that just leaves the third aspect. Whether RSA got paid twenty pieces of silver.... errr.... I mean ten million dollars....to set the compromised algorithm as the default in their products. I would say that is a forgone issue when RSA's response on the story was an astonishingly lame we-didn't-know-it-was-compromised and we-would-never-knowingly-compromise-our-customer's-security. If they hadn't been paid $10 million by the NSA to do, then the first words out of their mouths would have been to deny the $10 million NSA payment.
So that just leaves us with two possibilities. Either RSA knowingly took a $10 million payoff to look the other way and install a compromised back door as the default setting in their products, or they don't have a single competent security person on their entire staff.
It's hard to say which of those two possibility would be worse for a security company, but we don't have to ponder which applies here. It is utterly implausible that RSA doesn't have competent security experts on staff. They make highly sophisticated security products. They know damn well how to make products that will strongly protect you from attack by random hackers. However they are also willing to sell out your security so that the US Government has a back door into your system.
So... if you want top tier security products to protect your business and you don't give a hoot that it comes with a back door for US spook agencies, sure, go with RSA. They've got some of the top security experts. But if you want security products that don't come with back doors, there are other world-class security companies to turn to. World class security companies with world class security experts who, even in a drunken stupor, would neverselect an unproven absurdly slow ugly blatantly-backdoored random number generator to use.
-