
2018 RSA Conference Exposes 114 Attendees

The mobile app used at the 2018 RSA Conference was found to expose user data, according to "svbl". The conference organizers confirmed that 114 first and last names of RSA Conference Mobile App users were publicly accessible.


For those who want to reproduce (1/3):

  • Create account @ http://rsaconference.com

  • Log in to the app

  • Extract the Sync_Token from /data/data/com.rsa.rsaconference/shared_prefs/prefs.rsa2018.xml

  • Open https://rsa1-webservice.eventbase.com/v1/attendee-list/get-updates/?pid=rsa2018&token= …

  • Download the encrypted sqlite db from the response value https://rsa1-webservice.eventbase.com/v1/attendee-list/download/sqlite/ …<...> (add &token=)

  • Store the response header X-Db-Info: 1:::

  • Get from res/values/strings.xml

  • Get sqlcipher key via hmac(attendee_db_key, , sha256).hexdigest()

  • Decrypt the DB as shown in the screenshot above.
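
The steps above depend on a value shipped in the app's res/values/strings.xml feeding the database key derivation, so the key protects nothing from anyone holding the package. A pre-release check for that class of problem, added here as an example (not code from the thread or from the app): it scans a decoded strings.xml for resource names and values that look like key material. The sample XML, the resource names in it, and the thresholds are constructed assumptions.

```python
import math
import re
import xml.etree.ElementTree as ET

# Constructed sample of a decoded res/values/strings.xml (not taken from the real app).
SAMPLE_STRINGS_XML = """<resources>
    <string name="app_name">Example Conference</string>
    <string name="event_db_key">PLACEHOLDER-9f3c1a7be2d44c0fa1b6c85d2e7f0a13</string>
    <string name="api_base_url">https://api.example.invalid/v1/</string>
    <string name="push_sender_secret">c2FtcGxlLW9ubHktbm90LXJlYWw=</string>
</resources>"""

# Assumed heuristics: names hinting at key material, plus a per-character entropy floor.
SUSPECT_NAME = re.compile(r"(key|secret|token|passw)", re.IGNORECASE)
ENTROPY_THRESHOLD = 3.5  # bits per character; tune against your own code base
MIN_LENGTH = 16


def shannon_entropy(value: str) -> float:
    """Bits per character of the value's empirical character distribution."""
    if not value:
        return 0.0
    counts = {ch: value.count(ch) for ch in set(value)}
    return -sum(n / len(value) * math.log2(n / len(value)) for n in counts.values())


def find_embedded_secrets(strings_xml: str):
    """Return (name, reason) for each <string> that looks like shipped key material."""
    findings = []
    for node in ET.fromstring(strings_xml).iter("string"):
        name, value = node.get("name", ""), (node.text or "").strip()
        if " " in value or value.startswith(("http://", "https://")):
            continue  # UI text and plain URLs are out of scope for this check
        by_name = bool(SUSPECT_NAME.search(name))
        by_entropy = len(value) >= MIN_LENGTH and shannon_entropy(value) >= ENTROPY_THRESHOLD
        if by_name and by_entropy:
            findings.append((name, "secret-like name and high-entropy value"))
        elif by_name:
            findings.append((name, "secret-like name"))
        elif by_entropy:
            findings.append((name, "high-entropy value"))
    return findings


if __name__ == "__main__":
    for name, reason in find_embedded_secrets(SAMPLE_STRINGS_XML):
        print(f"{name}: {reason}")
```

Any finding here means the value ships to every device that installs the app; data that must stay confidential needs a key that never leaves the server or a server-side authorization check on the download itself.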



