
posted by martyb on Saturday April 21 2018, @10:07PM
from the trial-by-fire dept.

From Ars Technica:

A mobile application built by a third party for the RSA security conference in San Francisco this week was found to have a few security issues of its own—including hard-coded security keys and passwords that allowed a researcher to extract the conference's attendee list. The conference organizers acknowledged the vulnerability on Twitter, but they say that only the first and last names of 114 attendees were exposed.

The vulnerability was discovered (at least publicly) by a security engineer who tweeted discoveries during an examination of the RSA conference mobile app, which was developed by Eventbase Technology. Within four hours of the disclosure, Eventbase had fixed the data leak—an API call that allowed anyone to download data with attendee information.

[...] This is the second time an RSA mobile application has leaked attendee data. In 2014, an application built by another developer, QuickMobile, was found by Gunter Ollmann (who was at IOActive at the time) to have a SQLite database containing personal information on registered attendees.

Also at ITWire.
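As an added illustration of the pattern the article describes (this is not code from the conference app, Eventbase, or Ars Technica), here is a toy Python attendee endpoint: the first version trusts a key baked into every copy of the client, the second binds access to a per-user session and minimises what it returns. All names, records and keys below are constructed.

```python
"""Constructed model of the leak described above: a mobile app that ships one
app-wide API key in its binary, and a server endpoint that hands the full
attendee list to anyone presenting that key. Not the real app's code."""
import hmac
import secrets

# Constructed sample records; not real attendees.
ATTENDEES = [
    {"id": 1, "first": "Ada", "last": "Lovelace", "email": "ada@example.org"},
    {"id": 2, "first": "Alan", "last": "Turing", "email": "alan@example.org"},
]

# --- Vulnerable pattern ---------------------------------------------------
# A key compiled into every copy of the client is readable by anyone who
# unpacks the app, so this check is equivalent to no authentication at all.
APP_KEY = "hardcoded-app-key"  # placeholder value, not the real app's key


def vulnerable_list_attendees(api_key: str) -> list[dict]:
    """Returns every attendee record to any caller with the shared key."""
    if not hmac.compare_digest(api_key.encode(), APP_KEY.encode()):
        raise PermissionError("bad key")
    return ATTENDEES


# --- Hardened pattern -----------------------------------------------------
# Per-user session tokens issued after a real login (assumed, not shown),
# plus data minimisation: other attendees are reduced to a display name.
SESSIONS: dict[str, int] = {}  # token -> attendee id, kept server side only


def login(attendee_id: int) -> str:
    """Issue a random bearer token bound to one authenticated attendee."""
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = attendee_id
    return token


def hardened_list_attendees(token: str) -> list[dict]:
    """Return the caller's own record in full and a minimised directory."""
    uid = next((u for t, u in SESSIONS.items()
                if hmac.compare_digest(t.encode(), token.encode())), None)
    if uid is None:
        raise PermissionError("no valid session")
    return [a if a["id"] == uid
            else {"id": a["id"], "name": f"{a['first']} {a['last'][0]}."}
            for a in ATTENDEES]
```

The extracted app key still works against the vulnerable endpoint but is rejected by the hardened one, and even a logged-in user never receives other attendees' e-mail addresses.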


  • (Score: 2, Informative) by Anonymous Coward on Saturday April 21 2018, @10:12PM (1 child)

    by Anonymous Coward on Saturday April 21 2018, @10:12PM (#670178)

    There is a low barrier to entry to writing software.

    The median person is really stupid, and nearly half of people are even dumber than that. What else is programming other than encoding one's thoughts? Well, that's a whole lot of stupid being encoded into machine action.

    Seriously, folks. You cannot get dumber than this:

    hard-coded security keys and passwords

    There's nothing else to say about that. Especially today, that's about as dumb as it gets.

    If you're a relatively smart person, then you've already concluded that the best thing to do is to remove from your life as much technology as possible.

    • (Score: 0) by Anonymous Coward on Sunday April 22 2018, @12:29AM

      by Anonymous Coward on Sunday April 22 2018, @12:29AM (#670203)

      The median person is really stupid, and nearly half of people are even dumber than that.

      There's a reason IQ scores across populations are measured at the median and not the mean. It's not "nearly half" of people, [googleusercontent.com] it is most people. [wikipedia.org]

  • (Score: 2) by MichaelDavidCrawford on Saturday April 21 2018, @10:13PM

    by MichaelDavidCrawford (2339) Subscriber Badge <mdcrawford@gmail.com> on Saturday April 21 2018, @10:13PM (#670179) Homepage Journal

    During the dot-com boom. Can I find a screenshot?

    Bing's image search really _is_ better than Google's, but even so, images.bing.com yields no insight.

    On the homepage there was a photo of two young men holding their index finger and thumb in an "L" shape, pressed against their foreheads. Bonita explained that that gesture was meant to convey the message that the two guys were "losers".

    They actually hacked RSA's nameservers. Perhaps the RSA webmaster did a good job of locking down their website.

    I understand that each of the root nameservers runs a different operating system with a variety of instruction set architectures. If one is going to take down the entire internet, one would need to zero-day the nameservers in a whole bunch of different ways.

    --
    Yes I Have No Bananas. [gofundme.com]
  • (Score: 5, Insightful) by Justin Case on Saturday April 21 2018, @10:23PM

    by Justin Case (4239) on Saturday April 21 2018, @10:23PM (#670181) Journal

    Some years ago I wanted to attend a "security" vendor's event (not these guys, not casting shade) and the web site "required" me to download a Windows-only .exe to register.

    Tried to alert their customer service people that this is Not How You Do It.

    Might as well have been baying at the moon. They could not understand the problem. They could not grasp the possibility that there could be a problem. Not with their site. They're experts, you know.

    And of course all security professionals use Windows. Because, um... there is no because. Just... um... everyone uses Windows, end of brain.


    There are people who don't get security, can't get security no matter how much you help them, will never get security.

    They usually have the most self confidence in their stuff.

  • (Score: 3, Funny) by realDonaldTrump on Saturday April 21 2018, @11:08PM (1 child)

    by realDonaldTrump (6614) on Saturday April 21 2018, @11:08PM (#670187) Homepage Journal

    So many people in this world, not so many first names. Not so many last names. So A LOT of people have the same first name & last name. I like to put my middle name (initial J) so I don't get mixed up with another guy. And I put my name in the phone book, it's no secret. The more I get my name out there, the more business I get. Wasn't there a guy, he put his Social Security # on TV. Very foolish, right? But he was fine, supposedly he was fine. Rachel Maddow (MSNBC) stole my Income Tax Return for 2005. Or somebody stole it for her. And she put it on TV. Terrible! But nothing happened to me, I'm doing great. And believe me, you'll see so many more of my Income Tax Returns. Once the IRS finishes its audit I'll release them. Obviously I can't release them while I'm being audited!

  • (Score: 3, Interesting) by archfeld on Saturday April 21 2018, @11:14PM

    by archfeld (4650) <treboreel@live.com> on Saturday April 21 2018, @11:14PM (#670188) Journal

    It wasn't a vulnerability or a mistake, it was a 'feature' that allowed the company to harvest attendee information for sale and usage later on. The reference to it as a vulnerability is just an exercise in plausible deniability to cover any potential legal action.

    --
    For the NSA : Explosives, guns, assassination, conspiracy, primers, detonators, initiators, main charge, nuclear charge