Saturday, August 09, 2008

Reporters "hacking" at BlackHat

I was there when this happened: "Reporters At Black Hat Get Bounced For Hacking" (Slashdot).

The problem is the yin-and-yang of cybersecurity. On one hand, security is serious business. When you cross a line, people with guns show up at your door. On the other hand, learning about security is often playful and fun.

The "Wall of Sheep" rides the controversial grey area between the two. They sniff passwords from the conference network and display them (or at least, the first three letters) on a screen. It's a playful way of reminding people about the chronic problem that they are sending their passwords unencrypted on the network.

Whereas the primary BlackHat network advertised the fact that it was being monitored, different rules applied to the press network. A member of the French press didn't understand the difference between the two, pulled passwords from the press network, and attempted to submit them to the Wall of Sheep.

There was no malicious intent here. The guy didn't understand the difference between the two networks. His intent was to join the playful education game, not to hack into somebody's account.

I would suggest that CMP Media's response was a bit harsh. A private rebuke would have been appropriate, but a public fuss goes too far. BlackHat is constantly mired in controversy between "education" and the often shady side of where that education comes from (vulnerability disclosure, revealing of trade secrets, etc.). I would prefer to see them err on the side of education rather than on the side of "being serious about security".

1 comment:

Gillis57 said...

From what I read from the guys @ BH, the reporter and his editor have both been attending blackhat for 3+ years? If that is the case, the line had definitely been established and should have been respected. I don't think the article/response was harsh at all, but then again, I wasn't there.

Editor Of: www.secureyourselfonline.com