Black Hat may keep quiet about plans for controversial talks
Goal is to avoid external pressure not to discuss important security issues, says founder Jeff Moss
Computerworld - The organizers of the Black Hat conference series may withhold details of selected talks at future events to avoid pressure from outside groups to cancel them.
In a conversation with Computerworld this week, Black Hat founder Jeff Moss said that going forward, conference organizers will work to determine which scheduled talks are likely to run into problems. Those found in danger of cancellation won't be announced "until the last possible moment," Moss said. "You'll just come to the show and find out [the final schedule] onsite.
"The idea is: How do we get the talks out without giving people months to try and influence or pressure researchers or their employers" into canceling a presentation? Moss said.
The issue bubbled to the surface after a scheduled talk on China's ability to launch cyberattacks was canceled days before the start of this week's Black Hat conference in Las Vegas due to of pressure from government agencies in Taiwan and China.
The presentation on "The Chinese Cyber Army: An Archaeological Study from 2001 to 2010," promised to provide attendees with a glimpse at China's government-backed hacking initiatives. The speaker was to be a researcher at Armorize, a Taiwanese security vendor.
According to a company executive, the decision to pull the talk was made after several Taiwanese and Chinese organizations that had contributed to the report wanted it pulled for reasons the vendor did not fully explain.
This is not the first time that a scheduled talk at Black Hat has been pulled at the last minute. Last year, a scheduled session that would explain a flaw in ATM software, hosted by a researcher at Juniper Networks, was canceled after complaints from the ATM vendor. The talk is now scheduled to be presented at this week's conference.
In 2008, Apple security researchers pulled out of a scheduled talk on the company's security practices. The authors succumbed to pressure from Apple marketing officials. Also in 2008, a talk by three MIT students on security flaws in the electronic ticketing system used by Boston's mass transit authority, scheduled for Moss' DefCon show, was canceled after a judge issued a restraining order.
Each of the canceled talks had been vetted and cleared through legal and other channels, Moss said. In each case, the talks were canceled due to outside pressures, he said.
"That totally drives me crazy," Moss said. "What we are going to do in future is to look into the crystal ball and see which talks we think are most likely to draw that kind of attention. Maybe we'll guess correctly, maybe we won't."
The goal is to ensure that the most controversial issues can be aired at Black Hat -- after a review by conference organizers, he said.
"We don't want any of our researchers dropping a huge zero-day bomb on a really serious issue. That's not cool," Moss said "We just want to get where the public at large hears about it at Black Hat. I want researchers to get up and say we found this great zero-day and by the way the patch for it is out."
"We are just trying to make sure the good talks see the light of day," Moss added.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed . His e-mail address is email@example.com.
- Secretive group seeks recruits at Defcon, finds skepticism
- Hacker snoops on GSM cell phones in demo
- Free Android apps scrape personal data, send it to China
- U.S. should seek world cooperation on cyber conflict, says ex-CIA director
- 'Unhackable' Android can be hacked, Black Hat researchers say
- Update: ATM hack gives cash on demand
- BitBlaze tool boosts bug-hunting productivity 10-fold
- Apple patches Safari ahead of Black Hat talk, launches add-on gallery
- Black Hat: Most browsers can be made to give up personal data
- AT&T: We don't intend to stop Black Hat demo
Read more about Security in Computerworld's Security Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Gartner Report: A Guide to Gartner's Enterprise Mobile Security Self-Assessment Gartner introduces a model and a Toolkit intended to help mobility and security IT leaders assess their enterprise mobility programs from a security...
- Gartner Report: Containing Mobile Security Risks With the 80/20 Rule IT planners can deliver better mobile protection with higher user satisfaction by segmenting users into risk groups before committing to specific management or...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts