IDG News Service - A security expert found a way to catch the talks at Black Hat for free, thanks to bugs in the video streaming service used by the security conference.
Michael Coates, the head of Web security for Mozilla, said he discovered several problems while trying to sign up for the US$395 service. As he went through the sign-up procedure, he was "quickly sidetracked by a few oddities in the design," he wrote in a blog post describing the incident.
He poked around a bit more and discovered that he could register an account without providing anything more than an e-mail address, and then use that account on a test login page to access the videos for free.
"Now, to be fair, Black Hat didn't operate this video service themselves," Coates wrote. "But its still a bit ironic that the largest hacking conference in the world has this security hole in their video streaming service."
Black Hat's video streaming was provided by Inxpo this year.
This is the first year the conference has made video streaming of conference sessions available, Black Hat Director Jeff Moss said. Like other companies, the conference takes a risk when it works with third parties. "I'm always nervous about those systems, because we don't get access to their source code and we can't review it," he said. "We don't have time to write video streaming software, so we picked a vendor that we thought was good... apparently they'd never hosted a security stream before."
The hotel partners for Black Hat and its sister conference Defcon usually get a similar type of security penetration test when they start hosting the conferences. For the first year or so, the hotel's TV systems or phone lines will get hacked, and then they eventually lock things down. "It's kind of like their trial by fire: Welcome to Black Hat," said Moss.
Coates said that he notified the video streaming company before blogging about the issue, and they quickly fixed the bugs. Inxpo couldn't immediately be reached for comment.
Moss, who runs a conference devoted to the disclosure of security problems, had nothing but praise for Coates' security find. "Well good for him, that's cool," he said. "If you can't protect your stuff, that's what happens."
- Path Selection Infographic Path Selection Infographic
- Hyperconvergence Infographic A wide range of observers agree that data centers are now entering an era of "hyperconvergence" that will raise network traffic levels faster...
- Preparing Your Infrastructure for the Hyperconvergence Era From cloud computing and virtualization to mobility and unified communications, an array of innovative technologies is transforming today's data centers.
- Increase IT Performance from the Enterprise to the Cloud with WAN Optimization Massive consolidation and data mobility, enabled by virtualization, have radically altered how we build servers, design applications, and deploy storage for the emerging...
- Live Webcast
Transforming Finance, Procurement and Supply Chain Effectiveness with Cross-Functional Analytics
Date: May 6th, 2014
Time: 1 PM EDT
Attend this Webcast to find out how Oracle's packaged analytic applications enable line-of-business managers to examine all...
- Video Stream Quality Impacts Viewer Behavior This scientific white paper, using statistical data from Amakai's streaming network, analyzes how changes in video quality cause changes in viewer behavior.
- Service-Enabling CICS Applications: Best Practices This informative webcast provides an informed, thorough look into CICS service-enablement options and how they can affect your environment. You'll learn how to... All Applications White Papers | Webcasts