The best of Black Hat: The consequential, the controversial, the canceled

Taylor Armerding | July 19, 2017
Over the past two decades, the annual Black Hat conference has had its share of controversy. CSO looks back at the most significant talks and demonstrations.

According to an executive at Armorize, the company decided to cancel the presentation after several Taiwanese and Chinese organizations that had contributed to the report wanted it pulled. The executive did not give the reasons for their complaints.

 

“RFID for beginners” – Chris Paget, 2007

In the promotion for his presentation, Paget of IOActive said, “I'll explain everything you need to know in order to build a working cloner, understand how it works, and see exactly why RFID is so insecure and untrustworthy.” The talk was pulled after secure card maker HID Corp. objected in a letter that claimed possible patent infringement.

An HID spokeswoman acknowledged that the company’s RFID proximity cards were vulnerable to hacks, but said Paget was exaggerating the risk and that showing how to hack them would endanger its customers. IOActive argued that the concepts behind its research were not new and simply illustrated potential security shortcomings of contactless building access controls that HID had noted in the past.

“Given the threat of pending litigation, we had no choice but to cancel the talk,” said Joshua Pennell, IOActive president. Black Hat’s Jeff Moss said the move by HID “is a threat to the conference business. It will reach a point where everything will be dumbed down and everything we can discuss will come from a sales sheet from a product manufacturer. I don't like it at all. It doesn't bode well for security research.”

 

“Weaknesses in Apple’s FileVault” – Charles Edge, 2008

This one ignited controversy not only over its proposed topic, but over whether it was ever scheduled in the first place. Edge, a security researcher, said he had been scheduled to discuss a weakness he had found in Apple’s FileVault encryption system, but then canceled the talk a week before the conference. He told Brian Krebs, then at the Washington Post, that he had “signed confidentiality agreements with Apple, which prevents him from speaking on the topic and from discussing the matter further.”

Krebs wrote at the time, “these kinds of reversals have a funny way of stoking the curiosity of the hacker community, already an inquisitive bunch by nature.” Black Hat organizers said, however, that the talk had never been officially scheduled.

 
