RSA leaked conference attendees' personal details via unsecured APIs

39 points by lnguyen about 7 years ago

3 comments

Maxious about 7 years ago
This was also reported in the 2014 conference app so perhaps they just don't care? http://blog.ioactive.com/2014/02/beware-your-rsa-mobile-app-download.html
thaumaturgy about 7 years ago
Of course they did.

I'm sure one of the 10,000 "cybersecurity" vendors pimping out their latest SaaS could've prevented all this, if only RSAC had paid the annual enterprise-class subscription fee. Any of the cutting-edge, leading security companies that were there -- like McAfee -- would have protected them if only RSAC were a paying customer.

More seriously: there really isn't a way to fix this, is there? I mean, in the bigger picture. On the one hand, you've got data being offered wholesale to companies whose homepage pitch is "uses data to change audience behavior"; on the other, you've got the US government, Equifax, and 166 others just in my bookmarks that have all given data away for free out of sheer ineptitude, and had ... pretty much zero consequences for it.

So RSAC is a mediocre commercial event, complete with "booth babes" in one vendor's case (really? In 2018? WTF is wrong with them anyway?), but they're still trying to pretend to be a huge security conference, and if they can't get this stuff right either, then I guess we might as well just give up and start talking about life in a post-privacy world.

I've read a fair bit of dystopian cyberpunk for dessert reading. I don't recall any of the authors being visionary enough to foresee the trading value of personal information.
reilly3000 about 7 years ago
Automated pentesting should be a thing that is ubiquitous and free for all developers, like W3C validation attempted to be for the early web. Mistakes like this and hundreds of others are too easy to make.

Also lol rekt. This is sublime irony.

It isn’t that conference attendance data is devastating PII, it’s proof that the security industry needs to shrink and become a commodity. That or industry must accept software should be developed slower with greater expense.