Forwarded from: Jeff Moss <jmoss (at) blackhat.com>
At 11:07 PM 9/5/2006, you wrote:
> http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9003000
>
> By Ira Winkler
> September 05, 2006
> Computerworld
Snip
> Unfortunately, the Black Hat conference's review process for
> evaluating new hacks doesn't seem to match the stringency of its
> paperwork requirements for nonhacking sessions. With such a flaw in
> the system, faked Black Hat demos are all but inevitable. Maybe we
> should give these would-be hackers credit: They might not have hacked
> Apple or Cisco, but they did hack Black Hat.
Ira,
Sorry to rain on your pre-conceived notions, but we sent a reviewer,
Dominique Brezinski, to evaluate their talk. Dominique got a private
version of the talk where the exploit(s) were demonstrated live. We put
more effort into validating their presentation, not less. If the
demonstration could have been done live without the chance of people
capturing the packet stream and the exploit getting out 5 minutes after
the demo, it would have. Can you imagine those headlines?
Black Hat put the researchers in contact with Apple and hosted a meeting
with the Cisco security people who were at the conference.
Why do you think it was faked? You were not even there. You could always
have called me to check your facts, though.
Jeff Moss
_________________________________
HITBSecConf2006 - Malaysia
The largest network security event in Asia
32 internationally renowned speakers
7 tracks of hands-on technical training sessions.
Register now: http://conference.hitb.org/hitbsecconf2006kl/
Received on Sep 06 2006
Intro
