
RSA leaked conference attendees' personal details via unsecured APIs - lnguyen
https://twitter.com/hackerfantastic/status/987135585117786113?s=21
======
Maxious
This was also reported in the 2014 conference app so perhaps they just don't
care? [http://blog.ioactive.com/2014/02/beware-your-rsa-mobile-app-...](http://blog.ioactive.com/2014/02/beware-your-rsa-mobile-app-download.html)

------
thaumaturgy
Of course they did.

I'm sure one of the 10,000 "cybersecurity" vendors pimping out their latest
SaaS could've prevented all this, if only RSAC had paid the annual enterprise-
class subscription fee. Any of the cutting-edge, leading security companies
that were there -- like McAfee -- would have protected them if only RSAC were
a paying customer.

More seriously: there really isn't a way to fix this, is there? I mean, in the
bigger picture. On the one hand, you've got data being offered wholesale to
companies whose homepage pitch is "uses data to change audience behavior"; on
the other, you've got the US government, Equifax, and 166 others just in my
bookmarks that have all given data away for free out of sheer ineptitude, and
had ... pretty much zero consequences for it.

So RSAC is a mediocre commercial event, complete with "booth babes" in one
vendor's case (really? In 2018? WTF is wrong with them anyway?), but they're
still trying to pretend to be a huge security conference, and if they can't
get this stuff right either, then I guess we might as well just give up and
start talking about life in a post-privacy world.

I've read a fair bit of dystopian cyberpunk for dessert reading. I don't
recall any of the authors being visionary enough to foresee the trading value
of personal information.

------
reilly3000
Automated pentesting should be a thing that is ubiquitous and free for all
developers, like W3C validation attempted to be for the early web. Mistakes
like this and hundreds of others are too easy to make.

Also lol rekt. This is sublime irony.

It isn’t that conference attendance data is devastating PII, it’s proof that
the security industry needs to shrink and become a commodity. That or industry
must accept software should be developed slower with greater expense.

