Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Controversy over Black Hat Presentation

Posted by Zonk on from the black-hat-on-a-white-field dept.

uniquebydegrees writes "InfoWorld is reporting about a new controversy swirling around a planned presentation at Black Hat Federal in Washington D.C. this week. Security researcher Chris Paget of IOActive will demo an RFID hacking tool that can crack HID brand door access cards. HID Corp., which makes the cards, is miffed and is accusing IOActive of patent infringement over the presentation, recalling the legal wrangling over Michael Lynn's presentation of a Cisco IOS hole at Black Hat in 2005. Black Hat's Jeff Moss says they're standing by their speaker. A news conference is scheduled for tomorrow AM." Update: 02/27 20:10 GMT by Z :InfoWorldMike wrote with a link to story saying that the presentation has been pulled from the slate for Black Hat, as a result of this pressure.

4 of 144 comments (clear)

  1. Security is not a product by TheWoozle · · Score: 3, Insightful

    Security is constant vigilence. Certain tools come in handy, but they are not by themselves security. Security is either part of your corporate culture and SOP, or it is not. You can't buy something and tack it on to make your business secure. The sooner PHBs learn this, the sooner we can get past all this nonsense.

    --
    Insisting on "correct" English is like saying that there is only one, definitive recipe for chili.
  2. Responsibility? by Diluted · · Score: 5, Insightful

    From the article: "These systems are installed all over the place. It's not just HID, but lots of companies, and there hasn't been a problem. Now we've got a person who's saying let's get publicity for our company and show everyone how to do it, and it puts everyone at risk. Where's the sense of responsibility?" Carroll said.
    This blows me away. Rather than taking the responsibility for having a flawed security system, rather than having the responsibility as a company to say "Hey, yeah we know about this and we are going to fix it after 15 years," the company accuses the security researcher of a lack of responsibility for "revealing" how to exploit these systems. I feel like bizarro world has become the real world when I read these kind of comments.

  3. Litigation vs. Inteligent Implementation by Tomis · · Score: 5, Insightful

    If you base your security model singularly around patents instead of proper implementation, then there is something wrong with your security model.

  4. Re:HID has its head in the sand by dgatwood · · Score: 4, Insightful

    You know, in fifteen years of carrying a credit card, I have never had one fail. The high-coercivity mag stripe cards are darn near indestructible. By contrast, the low-coercivity cards that they use at some hotels... I've had them just suddenly fail on the third or fourth use and have to be reprogrammed multiple times in a single night (and about the fifth time I had the same card reprogrammed, they tossed it in a trash can and programmed a fresh one for me, which never failed again).

    Put simply, low-coercivity cards suck, but high-coercivity cards are pretty solid. Just don't cut corners on your card programmers and you'll be fine.

    --

    Check out my sci-fi/humor trilogy at PatriotsBooks.