-
July 21st, 2005, 04:35 PM
#1
RSA == Really Stupid Analysts ???
Ok, before you read this post, you'll need to look at the attached images. Kinda like a new comic from Penny-Arcade.com. If you don't view the comic AND read Tycho's rant, you'll be clueless. </plug>
You'll have to go to the first reply to see the other image (only 1 image per post). It is a screen shot of the site that loads when you click the link in the email.
=== go view the images ===
Ok, so, I get this email from them, even though I work for a competing company (in some regards, anyway...we are cooperative with them in some areas also) because I engineer and maintain existing RSA solutions for one of my clients, and am signed up as an admin contact for support contracts with RSA.
Do they not have a f$cking bloody clue how Phishing and Pharming work? It's not even a damned SSL secured webpage!
All I can say is, <sarcasm><irony>Good Job RSA</irony></sarcasm>!!!
"Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
"...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore
-
July 21st, 2005, 04:36 PM
#2
"Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
"...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore
-
July 21st, 2005, 04:49 PM
#3
Hey Hey,
That is something else...
Have you considered contacting them and pointing out that they are a group of idiots?
That is probably the worst thing I've seen a company do with a legitimate email in quite a while.
If you do contact them, I'd love to see their response and reasoning for doing that.
Peace,
HT
-
July 21st, 2005, 05:12 PM
#4
Well, I would, but let me quote Emperor Napoleon (I)...
Never interupt your enemy while he is making a mistake
-- Napoleon Bonaparte (1769-1821)
"Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
"...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore
-
July 21st, 2005, 05:14 PM
#5
The sad thing is, they do have a https page.............................Why it was not used in the email??
Some one wants there arse kicked.
What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry
-
July 21st, 2005, 07:07 PM
#6
*g*... how dumb can you be?
RSA Security: solutions for enterprise data privacy and identity
- suuuuure...
I agree with zencoder, unethic as it may be, someone gets paid big bucks on RSA and should always be heads-up for overlooks, not allowing this sort of newbie like flaws to occur.
Big no-no.
-
July 21st, 2005, 08:02 PM
#7
I suppose that it WAS a legit mail ...................
someone MIGHT be out phishing
you DID check
so now I'm in my SIXTIES FFS
WTAF, how did that happen, so no more alterations to the sig, it will remain as is now
Beware of Geeks bearing GIF's
come and waste the day :P at The Taz Zone
-
July 21st, 2005, 08:15 PM
#8
Ok, I feel a little sheepish. I DID verify that it did come from the proper sources, according to the headers. However, I failed to mention this. My bad.
Also...it should be noted that, even if it was a phake, I don't think you could call it a phish, since the webpage that opens is NOT a form or data aggregator (unless you count hits/emails/ip's, etc.)
"Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
"...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore
-
July 21st, 2005, 09:01 PM
#9
OK That can't be legit. If it is, I don't get it... There are just too many "why would.. and who did..." running around in my head. I looked at the screen shots three time before attempting to post. End of the day and my head hurts.
09:F9:11:02:9D:74:E3:5B 8:41:56:C5:63:56:88:C0
-
July 22nd, 2005, 03:37 AM
#10
it's legit. this was brought up on another closed security forum. RSA and a few other corporations that really should know better.
there must be a good reason why they do that. it must be making something easier on some end for someone out there.
EDIT:
in response to PM and benefit for all.
http://www.f-secure.com/weblog/archi...ve-072005.html
this was discussed on private sec listservs as well.
fyi - RSA's response to this.
cheers.
http://www.rsasecurity.com/node.asp?id=2896
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|