-
July 21st, 2005 04:35 PM
#1
RSA == Really Stupid Analysts ???
Ok, before you read this post, you'll need to look at the attached images. Kinda like a new comic from Penny-Arcade.com. If you don't view the comic AND read Tycho's rant, you'll be clueless. </plug>
You'll have to go to the first reply to see the other image (only 1 image per post). It is a screen shot of the site that loads when you click the link in the email.
=== go view the images ===
Ok, so, I get this email from them, even though I work for a competing company (in some regards, anyway...we are cooperative with them in some areas also) because I engineer and maintain existing RSA solutions for one of my clients, and am signed up as an admin contact for support contracts with RSA.
Do they not have a f$cking bloody clue how Phishing and Pharming work? It's not even a damned SSL secured webpage!
All I can say is, <sarcasm><irony>Good Job RSA</irony></sarcasm>!!!
"Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
"...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore
-
July 21st, 2005 04:36 PM
#2
-
July 21st, 2005 04:49 PM
#3
Hey Hey,
That is something else...
Have you considered contacting them and pointing out that they are a group of idiots?
That is probably the worst thing I've seen a company do with a legitimate email in quite a while.
If you do contact them, I'd love to see their response and reasoning for doing that.
Peace,
HT
IT Blog: .:Computer Defense:.
PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".
-
July 21st, 2005 05:12 PM
#4
Well, I would, but let me quote Emperor Napoleon (I)...
Never interrupt your enemy while he is making a mistake
-- Napoleon Bonaparte (1769-1821)
-
July 21st, 2005 05:14 PM
#5
The sad thing is, they do have a https page... Why was it not used in the email??
Someone wants their arse kicked.
What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry
-
July 21st, 2005 07:07 PM
#6
*g*... how dumb can you be?
RSA Security: solutions for enterprise data privacy and identity
- suuuuure...
I agree with zencoder, unethical as it may be, someone gets paid big bucks on RSA and should always be heads-up for overlooks, not allowing this sort of newbie-like flaws to occur.
Big no-no.
-
July 21st, 2005 08:02 PM
#7
I suppose that it WAS a legit mail...
someone MIGHT be out phishing
you DID check
55 - I'm fiftyfeckinfive and STILL no wiser,
OLDER yes
Beware of Geeks bearing GIF's
come and waste the day :P at The Taz Zone
-
July 21st, 2005 08:15 PM
#8
Ok, I feel a little sheepish. I DID verify that it did come from the proper sources, according to the headers. However, I failed to mention this. My bad.
Also...it should be noted that, even if it was a phake, I don't think you could call it a phish, since the webpage that opens is NOT a form or data aggregator (unless you count hits/emails/ip's, etc.)
-
July 21st, 2005 09:01 PM
#9
OK That can't be legit. If it is, I don't get it... There are just too many "why would.. and who did..." running around in my head. I looked at the screen shots three times before attempting to post. End of the day and my head hurts.
09:F9:11:02:9D:74:E3:5B  8:41:56:C5:63:56:88:C0
-
July 22nd, 2005 03:37 AM
#10
it's legit. this was brought up on another closed security forum. RSA and a few other corporations that really should know better.
there must be a good reason why they do that. it must be making something easier on some end for someone out there.
EDIT:
in response to PM and benefit for all.
http://www.f-secure.com/weblog/archi...ve-072005.html
this was discussed on private sec listservs as well.
fyi - RSA's response to this.
cheers.
http://www.rsasecurity.com/node.asp?id=2896