RSA Security Lesson #2
Practice what you preach
One of the tough things about running a security conference is that in addition to bum-rushers like me, you give a lot of security professionals like Sunbelt Software's Alex Eckelberry and Eric Sites the chance to put your security practices to the test, in an pretty tough-to-control environment.
Alex and Eric gave the RSA show organizers, and Sophos, a bit of a schooling yesterday. I dropped by the Sunbelt booth after they'd showed Brian Krebs of the Washington Post and Ryan Singel of Wired News how easy it was to compromise the computer kiosks on the show floor.
Eckelberry and Sites were able to see a history of Google searches and install adware onto the machines (which then removed it) but they told me that they could have done much worse things, like installing keyloggers to see what the computer security executives at the conference were typing.
The booths, sponsored by antivirus vendor Sophos, were apparently not configured to spec, but as Singel writes, "One should never trust a public kiosk computer, but at the RSA security conference, one expects the public computers will at least be locked down as well as the public library's boxes."
Embarrassing. Funny.