
A funny thing happened on the way to RSA registration...

Computers used for the registration system at the security conference can't handle special characters.

Robert Vamosi Former Editor
As CNET's former resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security.

Want to cause trouble at RSA? Register with any of a number of special characters in your name or business name and watch the badge printer issue blanks. That's what happened to me.

Monday morning when I registered for RSA 2008 (where I'll be speaking with Chris Boyd of FaceTime), I thought maybe I'd get a little VIP service. (Our talk on "How to Adapt to the Echo Generation's Social Media Hacking Game" is at 9:10 a.m. PDT on Thursday.) Instead, I was stuck in various registration lines for more than half an hour until the lone IT guy realized the system wasn't handling special characters in my company's name. In other words, the registration at RSA could be vulnerable to SQL injections, where special characters cause the database system to behave differently.

After typing in my name and confirming my registration at the little kiosk near the door, I walked over to the printer desk, where I should have had my badge waiting. Instead, the first badge came out blank. As did the next, and the next after that. For the next 20 minutes, as different desk clerks tried to help me, there were about a dozen attempts to print out my badge--all blank. Apparently there's only one IT guy and he immediately realized that whoever registered me as a speaker used the pipe character in CNET, a style we stopped using years ago. The pipe character in most SQL systems is used to indicate a concatenation.

But I'm not alone. Security researcher Adam J. O'Donnell reports that even the apostrophe in his last name caused the system to bonk. O'Donnell humorously (or maybe not) adds that "RSA is attempting to segregate out the Irish without posting an 'Irish Need Not Apply' sign."
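The failure mode described above, as an added example that is not part of the original article and not RSA's registration code: a hypothetical badge table in SQLite, filled once by pasting values into the SQL text and once with bound parameters. The table, function names and sample registrants (including the "C|NET" spelling) are constructed for illustration.

```python
import sqlite3

# Constructed sample registrants; the names echo the two cases in the article.
ATTENDEES = [
    ("Adam J. O'Donnell", "Example Research"),
    ("Robert Vamosi", "C|NET"),
]

def make_db():
    """Create an in-memory database with a hypothetical badge table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE badge (name TEXT, company TEXT)")
    return db

def register_concat(db, name, company):
    """Naive form: the values are pasted into the SQL text itself."""
    sql = "INSERT INTO badge VALUES ('%s', '%s')" % (name, company)
    try:
        db.execute(sql)
        return "ok"
    except sqlite3.Error as exc:
        # The apostrophe closes the string literal early and the rest
        # of the name is parsed as SQL, which fails.
        return "error: %s" % exc

def register_bound(db, name, company):
    """Hardened form: values travel as bound parameters, never as SQL text."""
    db.execute("INSERT INTO badge VALUES (?, ?)", (name, company))
    return "ok"

def run_demo():
    """Register every sample attendee both ways and report the outcome."""
    naive, bound = make_db(), make_db()
    results = []
    for name, company in ATTENDEES:
        results.append((name,
                        register_concat(naive, name, company),
                        register_bound(bound, name, company)))
    stored = bound.execute(
        "SELECT name, company FROM badge ORDER BY rowid").fetchall()
    return results, stored

if __name__ == "__main__":
    results, stored = run_demo()
    for name, naive, bound in results:
        print(f"{name!r}: concatenated={naive}  bound={bound}")
    print("rows stored via bound parameters:", stored)
```

With bound parameters both names are stored exactly as typed; in the concatenated form only the name containing an apostrophe fails, because a pipe inside a quoted literal is treated as ordinary data.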

Are there any other special character examples from RSA 2008 attendees? Post a note below.