Black Hat may keep quiet about plans for controversial talks
Goal is to avoid external pressure not to discuss important security issues, says founder Jeff Moss
Computerworld - The organizers of the Black Hat conference series may withhold details of selected talks at future events to avoid pressure from outside groups to cancel them.
In a conversation with Computerworld this week, Black Hat founder Jeff Moss said that going forward, conference organizers will work to determine which scheduled talks are likely to run into problems. Those found in danger of cancellation won't be announced "until the last possible moment," Moss said. "You'll just come to the show and find out [the final schedule] onsite.
"The idea is: How do we get the talks out without giving people months to try and influence or pressure researchers or their employers" into canceling a presentation? Moss said.
The issue bubbled to the surface after a scheduled talk on China's ability to launch cyberattacks was canceled days before the start of this week's Black Hat conference in Las Vegas due to of pressure from government agencies in Taiwan and China.
The presentation on "The Chinese Cyber Army: An Archaeological Study from 2001 to 2010," promised to provide attendees with a glimpse at China's government-backed hacking initiatives. The speaker was to be a researcher at Armorize, a Taiwanese security vendor.
According to a company executive, the decision to pull the talk was made after several Taiwanese and Chinese organizations that had contributed to the report wanted it pulled for reasons the vendor did not fully explain.
This is not the first time that a scheduled talk at Black Hat has been pulled at the last minute. Last year, a scheduled session that would explain a flaw in ATM software, hosted by a researcher at Juniper Networks, was canceled after complaints from the ATM vendor. The talk is now scheduled to be presented at this week's conference.
In 2008, Apple security researchers pulled out of a scheduled talk on the company's security practices. The authors succumbed to pressure from Apple marketing officials. Also in 2008, a talk by three MIT students on security flaws in the electronic ticketing system used by Boston's mass transit authority, scheduled for Moss' DefCon show, was canceled after a judge issued a restraining order.
Each of the canceled talks had been vetted and cleared through legal and other channels, Moss said. In each case, the talks were canceled due to outside pressures, he said.
"That totally drives me crazy," Moss said. "What we are going to do in future is to look into the crystal ball and see which talks we think are most likely to draw that kind of attention. Maybe we'll guess correctly, maybe we won't."
The goal is to ensure that the most controversial issues can be aired at Black Hat -- after a review by conference organizers, he said.
"We don't want any of our researchers dropping a huge zero-day bomb on a really serious issue. That's not cool," Moss said "We just want to get where the public at large hears about it at Black Hat. I want researchers to get up and say we found this great zero-day and by the way the patch for it is out."
"We are just trying to make sure the good talks see the light of day," Moss added.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed . His e-mail address is firstname.lastname@example.org.
- Secretive group seeks recruits at Defcon, finds skepticism
- Hacker snoops on GSM cell phones in demo
- Free Android apps scrape personal data, send it to China
- U.S. should seek world cooperation on cyber conflict, says ex-CIA director
- 'Unhackable' Android can be hacked, Black Hat researchers say
- Update: ATM hack gives cash on demand
- BitBlaze tool boosts bug-hunting productivity 10-fold
- Apple patches Safari ahead of Black Hat talk, launches add-on gallery
- Black Hat: Most browsers can be made to give up personal data
- AT&T: We don't intend to stop Black Hat demo
Read more about Security in Computerworld's Security Topic Center.
- The Truth About Cloud Security "Security" is the number one issue holding business leaders back from the cloud. But does the reality match the perception?
- Enable secure remote access to 3D data without sacrificing visual perfomance Design and manufacturing companies must adapt quickly to the demands of an increasingly global and competitive economy. To speed time to market for...
- Virtually Delivered High Performance 3D Graphics "A picture is worth a thousand words." That old phrase is as true today as it ever was. Pictures (i.e., those with heavy...
- Best Practices for Securing Hadoop Historically, Apache Hadoop has provided limited security capabilities. To protect sensitive data being stored and analyzed in Hadoop, security architects should use a...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!