Black Hat may keep quiet about plans for controversial talks
Goal is to avoid external pressure not to discuss important security issues, says founder Jeff Moss
Computerworld - The organizers of the Black Hat conference series may withhold details of selected talks at future events to avoid pressure from outside groups to cancel them.
In a conversation with Computerworld this week, Black Hat founder Jeff Moss said that going forward, conference organizers will work to determine which scheduled talks are likely to run into problems. Those found in danger of cancellation won't be announced "until the last possible moment," Moss said. "You'll just come to the show and find out [the final schedule] onsite.
"The idea is: How do we get the talks out without giving people months to try and influence or pressure researchers or their employers" into canceling a presentation? Moss said.
The issue bubbled to the surface after a scheduled talk on China's ability to launch cyberattacks was canceled days before the start of this week's Black Hat conference in Las Vegas due to of pressure from government agencies in Taiwan and China.
The presentation on "The Chinese Cyber Army: An Archaeological Study from 2001 to 2010," promised to provide attendees with a glimpse at China's government-backed hacking initiatives. The speaker was to be a researcher at Armorize, a Taiwanese security vendor.
According to a company executive, the decision to pull the talk was made after several Taiwanese and Chinese organizations that had contributed to the report wanted it pulled for reasons the vendor did not fully explain.
This is not the first time that a scheduled talk at Black Hat has been pulled at the last minute. Last year, a scheduled session that would explain a flaw in ATM software, hosted by a researcher at Juniper Networks, was canceled after complaints from the ATM vendor. The talk is now scheduled to be presented at this week's conference.
In 2008, Apple security researchers pulled out of a scheduled talk on the company's security practices. The authors succumbed to pressure from Apple marketing officials. Also in 2008, a talk by three MIT students on security flaws in the electronic ticketing system used by Boston's mass transit authority, scheduled for Moss' DefCon show, was canceled after a judge issued a restraining order.
Each of the canceled talks had been vetted and cleared through legal and other channels, Moss said. In each case, the talks were canceled due to outside pressures, he said.
"That totally drives me crazy," Moss said. "What we are going to do in future is to look into the crystal ball and see which talks we think are most likely to draw that kind of attention. Maybe we'll guess correctly, maybe we won't."
The goal is to ensure that the most controversial issues can be aired at Black Hat -- after a review by conference organizers, he said.
"We don't want any of our researchers dropping a huge zero-day bomb on a really serious issue. That's not cool," Moss said "We just want to get where the public at large hears about it at Black Hat. I want researchers to get up and say we found this great zero-day and by the way the patch for it is out."
"We are just trying to make sure the good talks see the light of day," Moss added.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed . His e-mail address is firstname.lastname@example.org.
- Secretive group seeks recruits at Defcon, finds skepticism
- Hacker snoops on GSM cell phones in demo
- Free Android apps scrape personal data, send it to China
- U.S. should seek world cooperation on cyber conflict, says ex-CIA director
- 'Unhackable' Android can be hacked, Black Hat researchers say
- Update: ATM hack gives cash on demand
- BitBlaze tool boosts bug-hunting productivity 10-fold
- Apple patches Safari ahead of Black Hat talk, launches add-on gallery
- Black Hat: Most browsers can be made to give up personal data
- AT&T: We don't intend to stop Black Hat demo
Read more about Security in Computerworld's Security Topic Center.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts