No way, RSA! Security conference's mobile app embarrassingly insecure RSA has copped to a security vulnerability in the backend systems powering the smartphone app for its annual security conference, held this week in San Francisco, USA. Infosec expert "svbl" discovered and reported a privacy cockup in an API, which could be accessed by anyone with an RSA Conference account, to fetch the names …
The best practice for a happy life is to NEVER download apps. Every convention I go to always has signs up trying to get me to download their "app" even when I already have a perfectly serviceable program in hand. The only exception is Defcon. They know better.
Some things are just better done with pencil and paper.
many organisations, including my own, seem obsessed with having an app on your phone for team meetings, conferences and other such frivolities.
These apps are not written in house, they are from internet based events companies, and are, a bit crap, childish, and make me feel old. I usually don't install them either as I don't feel that I should give them the luxury of harvesting data from my device while I am forced to watch PowerPoint and "a short video".
I don't know the circumstances in this case, but I would not be surprised if its not just some event company's app, rather than RSA themselves. If the latter, any hope of defence is eliminated and I'll join in throwing a few rotten tomatoes....
Damn right. Thumbs up. Conferencing apps are forbidden here, and we have a sandbox environment for web meetings. Consumer marketing has addicted the World to a marketing strategy of getting consumer loyalty and addiction by getting consumers to download an app for every little service. But, I'm not buying it. If a service doesn't have a solid web site, then they're not getting my business--because I'm not downloading their crap app--period.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
