IDG News Service - A security expert found a way to catch the talks at Black Hat for free, thanks to bugs in the video streaming service used by the security conference.
Michael Coates, the head of Web security for Mozilla, said he discovered several problems while trying to sign up for the US$395 service. As he went through the sign-up procedure, he was "quickly sidetracked by a few oddities in the design," he wrote in a blog post describing the incident.
He poked around a bit more and discovered that he could register an account without providing anything more than an e-mail address, and then use that account on a test login page to access the videos for free.
"Now, to be fair, Black Hat didn't operate this video service themselves," Coates wrote. "But its still a bit ironic that the largest hacking conference in the world has this security hole in their video streaming service."
Black Hat's video streaming was provided by Inxpo this year.
This is the first year the conference has made video streaming of conference sessions available, Black Hat Director Jeff Moss said. Like other companies, the conference takes a risk when it works with third parties. "I'm always nervous about those systems, because we don't get access to their source code and we can't review it," he said. "We don't have time to write video streaming software, so we picked a vendor that we thought was good... apparently they'd never hosted a security stream before."
The hotel partners for Black Hat and its sister conference Defcon usually get a similar type of security penetration test when they start hosting the conferences. For the first year or so, the hotel's TV systems or phone lines will get hacked, and then they eventually lock things down. "It's kind of like their trial by fire: Welcome to Black Hat," said Moss.
Coates said that he notified the video streaming company before blogging about the issue, and they quickly fixed the bugs. Inxpo couldn't immediately be reached for comment.
Moss, who runs a conference devoted to the disclosure of security problems, had nothing but praise for Coates' security find. "Well good for him, that's cool," he said. "If you can't protect your stuff, that's what happens."
- CIOs Deliver Productivity Breakthroughs with Intelligent Digital Signage Retailers have long recognized the influence that digital signage provides over a shopper's point-of-purchase decision making process.
- 2014 Gartner Magic Quadrant Report For the 7th year in a row, Riverbed is in the "Leaders" Quadrant of the 2014 Magic Quadrant for WAN Optimization Controllers. In...
- Improving Business Value of WAN Optimization Want to achieve faster ROI with WAN optimization? Read the latest IDC report and discover how you can cut IT costs without compromising...
- IDC ROI Infographic Trends such as evolving communication patterns, connection types, applications and bandwidth can have an impact on enterprise organizations. Learn how IT organizations can...
- Transform Your IT Service Management Watch this webinar, to learn how EasyVista can increase IT productivity & efficiency and deliver streamlined & integrated IT Service & Asset Mgmt.
- Top 4 Digital Signage Fails Join RMG Networks for a look at four of the most common reasons digital signage fails in corporate businesses. Learn about strategies to... All Applications White Papers | Webcasts