Look, we get it. Cybersecurity is hard. But maybe, just maybe, a conference dedicated to computer security and encryption should know better than to leave attendee information exposed via its conference mobile app.
And yet.
As the RSA Conference winds down today in San Francisco, organizers have been forced to acknowledge that all has not been right with their own house. Specifically, a security engineer looking into the RSA Conference Mobile App discovered that at least some user information was exposed to anyone who knew where to look.
"[It] was the API from http://eventbase.com that was used by the RSA conference app," the researcher, who goes by svbl, explained over Twitter direct message. "[The] vulnerability was on eventbase's side."
Svbl tweeted out the steps he took to access the information and alerted organizers to what might generously be called an oversight.
The RSA Conference responded and quickly resolved the vulnerability, but, shall we say, the response didn't really cop to the fact that organizers baked a vulnerability into their app.
"Our initial investigation shows that 114 first and last names of RSA Conference Mobile App users were improperly accessed," read a statement. "No other personal information was accessed, and we have every indication that the incident has been contained."
That only 114 first and last names were accessed isn't because of some magic cybersecurity protections. Rather, it's because svbl limited his probing to just a peek — merely to confirm the vulnerability — before reporting it.
Notably, this isn't the first time the RSA Conference has blundered with its conference app.
"This isn’t surprising," tweeted the engineer and hacker Ming Chow. "Let me remind you of the RSA Conference 2014 app that downloaded all attendees’ names into SQLite DB."
And, to make matters worse, this wasn't the only problem members of the cybersecurity community had with the conference app. Specifically, the permissions the app required raised a lot of eyebrows.
Thankfully for attendees, svbl appears to have had no ill intentions.
"[I] only pulled a sample of data (~100 records) before I reported it to RSA directly and as you saw they fixed it very quick (which is awesome)," the researcher wrote to us.
And while a fast response is great, still, come on. Security professionals like those at the RSA Conference shouldn't count on the goodwill of third-party researchers to keep attendee data secure. But somehow, though, that's exactly where we are.