back to article No way, RSA! Security conference's mobile app embarrassingly insecure

RSA has copped to a security vulnerability in the backend systems powering the smartphone app for its annual security conference, held this week in San Francisco, USA. Infosec expert "svbl" discovered and reported a privacy cockup in an API, which could be accessed by anyone with an RSA Conference account, to fetch the names …

  1. arctic_haze

    The shoemaker's children go barefoot.

    Or at least his apps...

  2. Anonymous Coward
    Anonymous Coward

    Which is more embarrassing?

    "Over a hundred attendees" or "why didn't have a bug finding contest "

    1. Mark 65

      Re: Which is more embarrassing?

      More embarassing?

      RSA has maintained that it didn't take the NSA's money to bork its own products.

      How about them feeling incompetence is the better option for a security outfit?

  3. Fruit and Nutcase Silver badge
    Coat

    RSA

    Really Secure API

    with apologies to Messrs Rivest, Shamir and Adleman

  4. MachDiamond Silver badge

    Download our app

    The best practice for a happy life is to NEVER download apps. Every convention I go to always has signs up trying to get me to download their "app" even when I already have a perfectly serviceable program in hand. The only exception is Defcon. They know better.

    Some things are just better done with pencil and paper.

  5. Trollslayer
    Flame

    Keep fixing it

    Until you break it.

    The opposite of KISS.

  6. Spaller

    Oh Good God Why Do I Need An App?

    I need an app to attend a conference? Just /dev/null me now.

  7. Anonymous Coward
    Facepalm

    "... the damage appears thus far to have been minimal"

    But the reputational damage to RSA?

    1. Dan 55 Silver badge

      Re: "... the damage appears thus far to have been minimal"

      Nothing, just confirmation they're still slapdash.

  8. fruitoftheloon
    Happy

    Does RSA stand for

    Really shite apps?

    Yes, I do know what it stood for [past tense]...

    Jay

  9. allthecoolshortnamesweretaken

    This sort of thing is kinda a tradition with RSA security conferences by now, isn't it.

  10. John Smith 19 Gold badge
    FAIL

    RSA. You are a security company. *Anything* you do it going to be hit hard

    For the lolz and the kudos

    You may understand how a PK system works, but you know s**t about human psychology.

  11. Anonymous Coward
    Anonymous Coward

    I RSA defence - a very minimalist defence

    many organisations, including my own, seem obsessed with having an app on your phone for team meetings, conferences and other such frivolities.

    These apps are not written in house, they are from internet based events companies, and are, a bit crap, childish, and make me feel old. I usually don't install them either as I don't feel that I should give them the luxury of harvesting data from my device while I am forced to watch PowerPoint and "a short video".

    I don't know the circumstances in this case, but I would not be surprised if its not just some event company's app, rather than RSA themselves. If the latter, any hope of defence is eliminated and I'll join in throwing a few rotten tomatoes....

    1. GnuTzu
      Flame

      Re: I RSA defence - a very minimalist defence -- Outsourced Crap

      Damn right. Thumbs up. Conferencing apps are forbidden here, and we have a sandbox environment for web meetings. Consumer marketing has addicted the World to a marketing strategy of getting consumer loyalty and addiction by getting consumers to download an app for every little service. But, I'm not buying it. If a service doesn't have a solid web site, then they're not getting my business--because I'm not downloading their crap app--period.

  12. JohnFen

    RSA has confirmed?

    "RSA has maintained that it didn't take the NSA's money to bork its own products."

    Which isn't a denial that they borked their products for the NSA. It's just saying that they didn't charge anyone to do it.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like