Security experts from Twitter recently made a singular discovery, the final step of the registration page on the RSA Conference website was requesting user’s Twitter credentials and sending them to the conference server.
You heard right! The organization of the security conference RSA’s Executive Security Action Forum (ESAF) is collecting Twitter account passwords of participants through a dedicated form.
The final registration page on the RSA Conference website is a promotional social media offering, the data collected are anyway sent to the conference server.
That’s absurd! The page asks for plaintext password, instead implementing the OAUTH authentication mechanism that could preserve user’s data.
Why one of the most important security firms in the world is doing a so stupid thing, experts are shouting to the failure of all the security best practices.
If u want to feel kinda bad abt the security industry, these r all the folks who gave the RSAC site their Twitter pw https://t.co/xjpo7lgJ4N
— Leigh Honeywell (@hypatiadotca) 21 Gennaio 2016
If you’re planning to attend the next RSA Conference skip the promotional opportunity towards the end of the registration process.
(Security Affairs – RSA Event, authentication)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.