
That first sentence is not a good way to sum up what happened. Dual EC isn't "weak"; it's pretty plainly a backdoor.

(I'm among an elite cadre† of cryptography-adjacents who felt it probably wasn't, but only because I thought it was too stupid to actually be used anywhere --- as soon as it was disclosed that (a) it was a default-yes algorithm in BSAFE and (b) big companies actually used BSAFE in important products, it was immediately clear what was going on).

The idea of Dual EC is essentially that your output is internal RNG state encrypted with a public key, leaving open the obvious question of "who has the private key?". I think we all know the answer to that now.

I am being ironic
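The "output is internal RNG state encrypted with a public key" description in the comment above can be run end to end on a toy curve. The following is an added example written for this page; it is not code from the thread, from NIST SP 800-90A, or from BSAFE. The field prime 10007, the curve y^2 = x^3 + 2x + 3, the seed, and the 3-bit truncation are all assumptions chosen to keep it small; the real generator works on P-256 and drops 16 bits per output, so the holder of the trapdoor searches 2^16 candidates instead of 8. The attack structure (lift the truncated x back to the point r*Q, multiply by e = d^-1 to land on r*P, read off the next state) is the one Shumow and Ferguson described in 2007.

```python
from math import gcd

# Toy Dual EC DRBG with a backdoored Q = d*P (assumed parameters, not P-256).
P_MOD = 10007                 # prime; 10007 % 4 == 3 so a square root is one pow()
A, B = 2, 3                   # curve y^2 = x^3 + A*x + B (arbitrary choice)
BITS = P_MOD.bit_length()     # 14-bit x-coordinates
TRUNC = 3                     # bits dropped from each output (the spec drops 16 of 256)
KEEP = BITS - TRUNC
INF = None                    # point at infinity


def add(p1, p2):
    """Affine point addition on the curve."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % P_MOD, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)


def mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = INF
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc


def x_of(pt):
    return 0 if pt is INF else pt[0]


def lift_x(x):
    """y with y^2 = x^3 + A*x + B, or None if x is not on the curve. Either sign works below."""
    rhs = (x * x * x + A * x + B) % P_MOD
    y = pow(rhs, (P_MOD + 1) // 4, P_MOD)
    return y if y * y % P_MOD == rhs else None


def order(pt):
    n, acc = 1, pt
    while acc is not INF:
        acc = add(acc, pt)
        n += 1
    return n


def make_params():
    """Base point P of large order, the public Q = d*P, and the trapdoor e = d^-1.
    Knowing e means knowing P = e*Q, which is all the attack needs."""
    for x in range(1, P_MOD):
        y = lift_x(x)
        if y is not None:
            n = order((x, y))
            if n > 1000:
                P = (x, y)
                break
    d = next(k for k in range(2, n) if gcd(k, n) == 1)   # assumed "designer's" secret
    return P, mul(d, P), pow(d, -1, n)


class DualEC:
    def __init__(self, seed, P, Q):
        self.s, self.P, self.Q = seed, P, Q

    def next(self):
        r = x_of(mul(self.s, self.P))                     # r  = x(s*P)
        self.s = x_of(mul(r, self.P))                     # s' = x(r*P), the next state
        return x_of(mul(r, self.Q)) & ((1 << KEEP) - 1)   # output = x(r*Q), top bits dropped


def recover_state(outputs, P, Q, e):
    """From consecutive truncated outputs and the trapdoor e, recover the state
    that followed outputs[0]; later outputs only serve to reject false candidates."""
    for hi in range(1 << TRUNC):
        x = outputs[0] | (hi << KEEP)
        if x >= P_MOD:
            continue
        y = lift_x(x)
        if y is None:
            continue
        rP = mul(e, (x, y))          # e*(r*Q) = r*(e*Q) = r*P, whose x is the next state
        if rP is INF:
            continue
        clone = DualEC(rP[0], P, Q)
        if all(clone.next() == o for o in outputs[1:]):
            return rP[0], clone
    return None, None


def demo(seed=777):
    P, Q, e = make_params()
    gen = DualEC(seed, P, Q)
    first = gen.next()
    true_state = gen.s                       # kept only so the result can be checked
    observed = [first, gen.next(), gen.next()]
    recovered, clone = recover_state(observed, P, Q, e)
    return {"true_state": true_state, "recovered": recovered,
            "predicted": [clone.next() for _ in range(4)],
            "actual": [gen.next() for _ in range(4)]}


if __name__ == "__main__":
    print(demo())
```

Nothing in the generator itself is cryptographically weak to an outsider: without e, getting from x(r*Q) back to r*P is an elliptic-curve discrete-log problem. The entire security question is who chose Q and whether they kept d, which is exactly the point about the private key.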



While I largely agree with you, and respect your opinion on these matters, the truth is that Dual EC was indeed a NIST standard, and therefore as a practical matter it did get deployed by the public in whatever ill-informed manner for not having your elite cadre's advice (yes, joking).

I appreciate the point about trust in the authorship of those presenting these algorithms, and I personally do accept it, but there's a lack of trust broadly (in the very community that these standards are intended for) in the process that your comments don't account for in this instance.


> it's pretty plainly a backdoor.

Nitpick: strictly speaking, it wasn't plainly a backdoor specifically, but plainly either a backdoor, or something deliberately designed to look backdoored, but with some unknown way for the NSA to 'reluctantly' declassify a proof that it wasn't backdoored in an attempt to discredit people who accused it of being backdoored (basically trying to recreate the DES S-box versus differential cryptanalysis thing). But smart money was on actually-a-backdoor.
