Discussion:
[Link Posting] When you go to a security conference, and its mobile app leaks your data
Rich
2018-04-24 10:28:37 UTC
####################################################################
# ATTENTION: This post is a reference to a website. The poster of #
# this Usenet article is not the author of the referenced website. #
####################################################################

<URL:https://arstechnica.com/information-technology/2018/04/insecure-rsa-conference-app-leaked-attendee-data/>
A mobile application built by a third party for the RSA security
conference in San Francisco this week was found to have a few security
issues of its own - including hard-coded security keys and passwords
that allowed a researcher to extract the conference's attendee list. The
conference organizers acknowledged the vulnerability on Twitter, but
they say that only the first and last names of 114 attendees were
exposed.
The vulnerability was discovered (at least publicly) by a security
engineer who tweeted discoveries during an examination of the RSA
conference mobile app, which was developed by Eventbase Technology.
Within four hours of the disclosure, Eventbase had fixed the data leak -
an API call that allowed anyone to download data with attendee
information.
...
Dirk T. Verbeek
2018-04-25 11:40:32 UTC
Post by Rich
####################################################################
# ATTENTION: This post is a reference to a website. The poster of #
# this Usenet article is not the author of the referenced website. #
####################################################################
<URL:https://arstechnica.com/information-technology/2018/04/insecure-rsa-conference-app-leaked-attendee-data/>
A mobile application built by a third party for the RSA security
conference in San Francisco this week was found to have a few security
issues of its own - including hard-coded security keys and passwords
that allowed a researcher to extract the conference's attendee list. The
conference organizers acknowledged the vulnerability on Twitter, but
they say that only the first and last names of 114 attendees were
exposed.
The vulnerability was discovered (at least publicly) by a security
engineer who tweeted discoveries during an examination of the RSA
conference mobile app, which was developed by Eventbase Technology.
Within four hours of the disclosure, Eventbase had fixed the data leak -
an API call that allowed anyone to download data with attendee
information.
...
That's rich :)
