Information Security News mailing list archives

Re: Hacking Black Hat


From: InfoSec News <alerts () infosecnews org>
Date: Thu, 7 Sep 2006 01:27:06 -0500 (CDT)

Forwarded from: Jeff Moss <jmoss (at) blackhat.com>

At 11:07 PM 9/5/2006, you wrote:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9003000

By Ira Winkler
September 05, 2006
Computerworld

Snip

Unfortunately, the Black Hat conference's review process for 
evaluating new hacks doesn't seem to match the stringency of its 
paperwork requirements for nonhacking sessions. With such a flaw in 
the system, faked Black Hat demos are all but inevitable. Maybe we 
should give these would-be hackers credit: They might not have hacked 
Apple or Cisco, but they did hack Black Hat.

Ira,

Sorry to rain on your pre-conceived notions, but we sent a reviewer, 
Dominique Brezinski, to evaluate their talk. Dominique got a private 
version of the talk where the exploit(s) were demonstrated live. We put 
more effort into validating their presentation, not less. If the 
demonstration could have been done live without the chance of people 
capturing the packet stream and the exploit getting out 5 minutes after 
the demo, it would have. Can you imagine those headlines?

Black Hat put the researchers in contact with Apple and hosted a meeting 
with the Cisco security people who were at the conference.

Why do you think it was faked? You were not even there. You could always 
have called me to check your facts, though.
 
Jeff Moss 

