February 7th, 2007
Is the RSA Conference Secure?
By Jimmy Daniels
Contributing Writer, RealTechNews
Just read this interesting post from Brian Krebs of Security Fix about the kiosks at the currently running RSA conference. Apparently, they are logged in as administrators, so anyone could come along and install software, say a keylogger, and use it to capture information, IDs and passwords. He did say he only spent 10 seconds at the terminals, so it is possible some safeguards could be in place, as he had no comments from conference organizers.
> So it came as a great surprise to me to discover a security gaffe at the RSA Security conference here — one of the premier computer security conferences in the industry. The kiosks of Microsoft Windows XP machines set up as a way for attendees to freely access e-mail from the conference floor were running under the all-powerful “administrator” account. In short, anyone could have used the terminals to download a free software program that records every keystroke typed on the terminals. That record would be extremely useful for spying on the Internet communications of executives at some of the most recognizable computer security firms in the industry.

Source: When Security Companies Fail
We Say: He said he spent about 20 minutes watching as people logged into their email or a remote PC, and was amazed that, at such a respected security conference, so many security professionals would trust a computer so easily. Of course, the people he watched log in could have been reporters and others not involved in the security industry, but most were probably involved in security and should know better. Surely some enterprising hacker or security expert has realized this as well and will let us know his results.












