RSA == Really Stupid Analysts ???

  1. #1
    AO Senior Cow-beller
    Moderator
    zencoder's Avatar
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177

    Ok, before you read this post, you'll need to look at the attached images. Kinda like a new comic from Penny-Arcade.com. If you don't view the comic AND read Tycho's rant, you'll be clueless. </plug>

    You'll have to go to the first reply to see the other image (only 1 image per post). It is a screen shot of the site that loads when you click the link in the email.

    === go view the images ===


    Ok, so, I get this email from them, even though I work for a competing company (in some regards, anyway...we are cooperative with them in some areas also) because I engineer and maintain existing RSA solutions for one of my clients, and am signed up as an admin contact for support contracts with RSA.

    Do they not have a f$cking bloody clue how Phishing and Pharming work? It's not even a damned SSL secured webpage!

    All I can say is, <sarcasm><irony>Good Job RSA</irony></sarcasm>!!!
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

  2. #2
    AO Senior Cow-beller
    Moderator
    zencoder's Avatar
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177

    2nd image


  3. #3
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Hey Hey,

    That is something else...

    Have you considered contacting them and pointing out that they are a group of idiots?

    That is probably the worst thing I've seen a company do with a legitimate email in quite a while.

    If you do contact them, I'd love to see their response and reasoning for doing that.

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  4. #4
    AO Senior Cow-beller
    Moderator
    zencoder's Avatar
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177
    Well, I would, but let me quote Emperor Napoleon (I)...

    Never interrupt your enemy while he is making a mistake
    -- Napoleon Bonaparte (1769-1821)

  5. #5
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    The sad thing is, they do have a https page.............................Why it was not used in the email??
    Someone wants their arse kicked.
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

  6. #6
    Senior Member
    Join Date
    Jul 2003
    Posts
    114
    *g*... how dumb can you be?

    RSA Security: solutions for enterprise data privacy and identity
    - suuuuure...

    I agree with zencoder, unethical as it may be, someone gets paid big bucks on RSA and should always be heads-up for overlooks, not allowing this sort of newbie-like flaws to occur.
    Big no-no.

  7. #7
    They call me the Hunted foxyloxley's Avatar
    Join Date
    Nov 2003
    Location
    3rd Rock from Sun
    Posts
    2,528
    I suppose that it WAS a legit mail ...................

    someone MIGHT be out phishing

    you DID check
    55 - I'm fiftyfeckinfive and STILL no wiser,
    OLDER yes
    Beware of Geeks bearing GIF's
    come and waste the day :P at The Taz Zone

  8. #8
    AO Senior Cow-beller
    Moderator
    zencoder's Avatar
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177
    Originally posted here by foxyloxley
    I suppose that it WAS a legit mail ...................

    someone MIGHT be out phishing

    you DID check
    Ok, I feel a little sheepish. I DID verify that it did come from the proper sources, according to the headers. However, I failed to mention this. My bad.

    Also...it should be noted that, even if it was a phake, I don't think you could call it a phish, since the webpage that opens is NOT a form or data aggregator (unless you count hits/emails/IPs, etc.)

  9. #9
    THE Bastard Sys***** dinowuff's Avatar
    Join Date
    Jun 2003
    Location
    Third planet from the Sun
    Posts
    1,250
    OK That can't be legit. If it is, I don't get it... There are just too many "why would.. and who did..." running around in my head. I looked at the screen shots three times before attempting to post. End of the day and my head hurts.
    09:F9:11:02:9D:74:E3:5B8:41:56:C5:63:56:88:C0

  10. #10
    Senior Member
    Join Date
    Dec 2004
    Posts
    137
    it's legit. this was brought up on another closed security forum. RSA and a few other corporations that really should know better.

    there must be a good reason why they do that. it must be making something easier on some end for someone out there.

    EDIT:

    in response to PM and benefit for all.
    http://www.f-secure.com/weblog/archi...ve-072005.html
    this was discussed on private sec listservs as well.

    fyi - RSA's response to this.


    cheers.

    http://www.rsasecurity.com/node.asp?id=2896
