
RSA Conference registration page asks Twitter credentials, that’s incredible!


It is hard to believe, but the RSA Conference registration page is collecting Twitter credentials and sending them back to an RSA server: insecurity by design!

Security experts from Twitter recently made a singular discovery: the final step of the registration process on the RSA Conference website was requesting users' Twitter credentials and sending them to the conference server.

You heard right! The organization behind the RSA Conference's Executive Security Action Forum (ESAF) is collecting participants' Twitter account passwords through a dedicated form.

The final registration page on the RSA Conference website is a promotional social media offering, but the data collected are nevertheless sent to the conference server.

That's absurd! The page asks for a plaintext password instead of implementing the OAuth authentication mechanism, which would keep the user's credentials out of the conference organizers' hands.

Why is one of the most important security firms in the world doing something so foolish? Experts are decrying this failure to follow the most basic security best practices.
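To make the OAuth point concrete, here is an added example (not part of the original post, nor code from RSA or Twitter) in Python that builds and signs a Twitter API request the way an OAuth 1.0a client does: the third-party site holds only its consumer secret and a per-user access token, which the user can revoke, and it never sees the Twitter password. The keys, token, nonce and timestamp are constructed sample values.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

def pct(s: str) -> str:
    """RFC 5849 percent-encoding: only A-Z a-z 0-9 - . _ ~ stay bare."""
    return quote(s, safe="")

def signature_base_string(method: str, url: str, params: dict) -> str:
    # Every query, body and oauth_* parameter is encoded, sorted and joined,
    # then the whole normalized string is encoded once more.
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def signing_key(consumer_secret: str, token_secret: str) -> str:
    # The key is the app's consumer secret plus the user's token secret.
    # Neither is the user's password; revoking the token cuts the app off.
    return f"{pct(consumer_secret)}&{pct(token_secret)}"

def hmac_sha1_signature(base_string: str, key: str) -> str:
    digest = hmac.new(key.encode(), base_string.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()

def authorization_header(oauth_params: dict, signature: str) -> str:
    fields = dict(oauth_params, oauth_signature=signature)
    return "OAuth " + ", ".join(f'{pct(k)}="{pct(v)}"' for k, v in sorted(fields.items()))

def sign_twitter_example() -> dict:
    # Constructed sample values; nonce and timestamp are fixed here only so
    # the result is reproducible (a real client generates fresh ones per request).
    url = "https://api.twitter.com/1.1/statuses/update.json"
    query = {"include_entities": "true"}
    body = {"status": "Hello Ladies + Gentlemen, a signed OAuth request!"}
    oauth = {
        "oauth_consumer_key": "xvz1evFS4wEEPTGEFPHBog",
        "oauth_nonce": "kYjzVBB8Y0ZFabxSWbWovY3uYSQ2pTgmZeNu2VS4cg",
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": "1318622958",
        "oauth_token": "370773112-GmHxMAgYyLbNEtIKZeRNFsMKPR9EyMZeS9weJAEb",
        "oauth_version": "1.0",
    }
    base = signature_base_string("POST", url, {**query, **body, **oauth})
    key = signing_key("kAcSOqF21Fu85e7zjz7ZN2U4ZRhfV3WpwPAoE3Z7kBw", "LswwdoUaIvS8ltyTt5jkRh4J50vUPVVHtR2YPi5kE")
    sig = hmac_sha1_signature(base, key)
    return {"base_string": base, "signing_key": key, "signature": sig,
            "authorization": authorization_header(oauth, sig)}
```

The resulting Authorization header carries a signature over the request plus the consumer key and token; a site that asks for the password itself gets far more than it needs and can act as the user indefinitely.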

[Image: Twitter RSA conference registration form]

In this way the user's Twitter credentials are sent directly to the organization of the RSA Conference.

[Image: Twitter RSA conference 2]


If you're planning to attend the next RSA Conference, skip the promotional opportunity towards the end of the registration process.

Pierluigi Paganini

(Security Affairs – RSA Event, authentication)