Security company RSA wants your plain text Twitter log-in

[Batu69]

Face to palm is the online reaction

 

 

RSA HAS MADE ITSELF look like a real fool in front of its peers by asking them to drop their privacy drawers as part of the registration process for its upcoming conference on security.

 

No-one in the community is impressed by this, and nor are they amused by the fact that an automatic tweet is sent out from their account to promote the conference.

We haven't even got to the part where the password is asked for with no security provision, and is thus presumably stored in a soggy paper bag near an open fire door at the RSA office, or at least the server equivalent.

 

RSA has asked people to share Twitter log-in information on a site that doesn't even bother with OAUth-enabled single sign-on. It is grim stuff, but there have been plenty of yucks about it online and, of course, on Twitter.

 

Quote

If u want to feel kinda bad abt the security industry, these r all the folks who gave the RSAC site their Twitter pw https://t.co/xjpo7lgJ4N

— Leigh Honeywell (@hypatiadotca)

January 21, 2016

 

You might think that the RSA Conference Twitter account would have made some comment on the situation, but apparently it is leaving that to the community. Instead it is saying a lot of stuff about the importance of security and privacy. This may start to reflect badly on the firm.

 

Quote

Join @PrivacyPros at #RSAC on 2/29 for “Privacy and Security: Working Better Together” Click here to sign up: https://t.co/VzlFxK8U0q

— RSA Conference (@RSAConference)

January 21, 2016

 

The security industry, at least those parts of it that have not exposed themselves as victims by auto-tweeting the RSA acknowledgement, are enjoying their time in the schadenfreude.

 

Quote

Next year they'll want to log into your work email to invite your coworkers. https://t.co/S50rZ5MRCi https://t.co/q4hEoorkUE

— Kos (@theKos)

January 21, 2016

 

Wags are sharing lists of those people, and presumably opening up doors to magic bean sellers everywhere. There is a clue to spotting victims as they will have tweeted this message: "I'm going to #RSAC 2016 in San Fran! Who wants to come with me?"

 

Some victims have confirmed that they have fallen for this and confessed to their security conference catastrophe online. We are already offering them some tins of tartan paint.

 

Article source

[straycat19]

I'm like Santa Claus, I'm making a list and if they are on it they aren't going to like it if they currently work for a certain unnamed employer who will soon be their ex-employer.  Anyone stupid enough to do this has no business whatsoever working in anything having to do with security.  What f*cking idiots have we let into the security field?!?!