Security experts from Twitter recently made a singular discovery, the final step of the registration page on the RSA Conference website was requesting user’s Twitter credentials and sending them to the conference server.
You heard right! The organization of the security conference RSA’s Executive Security Action Forum (ESAF) is collecting Twitter account passwords of participants through a dedicated form.
The final registration page on the RSA Conference website is a promotional social media offering, the data collected are anyway sent to the conference server.
That’s absurd! The page asks for plaintext password, instead implementing the OAUTH authentication mechanism that could preserve user’s data.
Why one of the most important security firms in the world is doing a so stupid thing, experts are shouting to the failure of all the security best practices.
If you’re planning to attend the next RSA Conference skip the promotional opportunity towards the end of the registration process.
(Security Affairs – RSA Event, authentication)
The Czech government condemned China after linking cyber espionage group APT31 to a cyberattack on…
PumaBot targets Linux IoT devices, using SSH brute-force attacks to steal credentials, spread malware, and…
Apple blocked over $9B in fraud in 5 years, including $2B in 2024, stopping scams…
Researchers found a fake Bitdefender site spreading the Venom RAT by tricking users into downloading…
Iranian man pleads guilty to role in Baltimore ransomware attack tied to Robbinhood, admitting to…
Sophos warns that a DragonForce ransomware operator chained three vulnerabilities in SimpleHelp to target a…
This website uses cookies.
![](data:image/svg+xml;charset=utf-8,<svg height="348px" width="600px" xmlns="http://www.w3.org/2000/svg" version="1.1"/>)
![](data:image/svg+xml;charset=utf-8,<svg height="303px" width="875px" xmlns="http://www.w3.org/2000/svg" version="1.1"/>)