Re: Update [Was: Re: "New Controversy over Black Hat Presentation " (from slashdot)]

["Nervox Nervox" <nervox.nosecurity () gmail com>]

On 2/27/07, Fergie <fergdawg () netzero net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - -- Paul Vixie <paul () vix com> wrote:
>
> >"InfoWorld is reporting about a new controversy swirling around a planned
> >presentation at Black Hat Federal in Washington D.C. this week. Security
> >researcher Chris Paget of IOActive will demo an RFID hacking tool that can
> >crack HID brand door access cards. HID Corp., which makes the cards, is
> >miffed and is accusing IOActive of patent infringement over the
> >presentation,
> >recalling the legal wrangling over Michael Lynn's presentation of a Cisco
> >IOS hole at Black Hat in 2005. Black Hat's Jeff Moss says they're standing
> >by
> >their speaker. A news conference is scheduled for tomorrow AM."
> >
> >http://it.slashdot.org/article.pl?sid=07/02/27/1639231
>
> Well, it has apparently now been canceled, due to the threat of
> legal action. What a crock.
>
> Via C|Net News.
>
> [snip]
>
> Security researchers have canceled a talk on the flaws of RFID-equipped
> building access badges after receiving legal threats from a major
> manufacturer.
>
> Researchers from security services firm IOActive planned to demonstrate
> that the commonly used identification cards can easily be duplicated,
> posing a serious risk to those who rely on such systems for security.
>
> The talk, slated for Wednesday at the Black Hat DC Briefings & Training
> event in Arlington, Va., was canceled Tuesday after IOActive said it
> received legal threats from HID Global, a major seller of access control
> systems.
>
> "We can't go forward with the threat of litigation hanging over our small
> company," Joshua Pennell, IOActive's chief executive, said in a conference
> call with reporters Tuesday.
>
> An HID representative could not immediately be reached for comment.
>
> [snip]
>
> More:
> http://news.com.com/2100-1029_3-6162547.html
>
> Of course, this issue will not simply "go away".
>
> - - ferg
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP Desktop 9.5.3 (Build 5003)
>
> wj8DBQFF5H7uq1pz9mNUZTMRArc4AJ9OZxqEnIGxE8yex7soTSo378hcxACfUSpj
> +Br8WVB4FZhpEPiiEohyKN8=
> =PELr
> -----END PGP SIGNATURE-----
>
> --
> "Fergie", a.k.a. Paul Ferguson
>  Engineering Architecture for the Internet
>  fergdawg(at)netzero.net
>  ferg's tech blog: http://fergdawg.blogspot.com/
>
>
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.
Helo

IMHO better see a presentation at black hat con then having idiots
running around claiming they're system is secure.
If a small company could break it then who knows who could break it.

And oh BTW "RFID are bad" isn't that an old subject?
Eventually that info will be either leaked or some brave soul will
crack  it and leak it anonymously and then let the big company deal
with they're own crap.

Best Nervox
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.