Reporters At Black Hat Get Bounced For Hacking

rickb928 and several others have written to inform us that three reporters for the French publication "Global Security Magazine" were booted out of the Black Hat convention for uncovering the login information of other reporters. Quoting the AP: "The separate, wired Internet connections set up for reporters are supposed to be off-limits to hacking and the Wall of Sheep. Even so reporters who didn't take the extra step and log onto the Internet through an additional secure connection like a virtual private network, risked having their data exposed to colleagues sitting just feet away. It didn't appear to be a complicated hack. The network was working properly, but it wasn't set up to shield each journalist's computer from one another."

Not Surprised

Really, I'm not surprised at all that people were kicked out of The Black Hat "Hacker" Conference for hacking.

Just shows that Corporate sponsored Hacker conferences are a contradiction in terms

Many low cost switches...

[msauve]

are really only switched between different speed segments. I.e., they might bridge (switch) between a 10 mb segment and a 100 mb segment, but they're only repeaters (hubs) on each.

Re:Did they forget there role?

[SanityInAnarchy]

You'd think the organizers of the Black Hat convention could properly secure a wired network.

Which they did. They just didn't secure it from the other journalists.

Consider that it is actually impossible to do so, and allow journalists to bring their own laptops. The best you can do is secure a network, not secure the computers on the network, without insisting on admining each such computer -- think Mordac-style.

I'd lay the blame with the Black Hat organizers.

For kicking them? Maybe.

But for allowing it to happen? Not so much.

Re:I guess

[Starayo]

Ah, uplink. Good times, good times.

Don't forget Dark Signs either.

Re:Sure...

[mixmatch]

You're right it takes more work than setting up a dhcp server and plugging in a switch. No wonder they didn't do it.

Re:Did they forget there role?

[SanityInAnarchy]

Each group of journalists could have had their own separate connection to a properly configured router

Implying they could attack each other, still.

Another thing - there's any number of industry-standard authentication & encryption systems out there. IPSEC, 802.1X, Radius, etc.

And if someone didn't even bother to use SSL, what makes you think they'll set all these up on their own computer?

The organizers were just lazy...

For what? Not mandating every journalist use a known-good computer? For not blocking port 80 in favor of 443? For allowing these people on the Internet at all?

Tell me -- given that it's impossible to idiot-proof a single computer, how are you proposing that they idiot-proof an entire network of humans -- humans who can and will make mistakes?

Re:FP

[Ron_Fitzgerald]

Isn't about time /. just not allow anonymous first posts?

To prove a point

[SpaceLifeForm]

That the wired lan was not secure.

The reporters that allowed their login/passwords
to be sniffed should be the ones exposed on the Wall of Sheep.

Talk about being led into a false sense of security.

They *knew* the Wireless was not secure.

But to *ASSUME* the wired LAN was to be trusted
clearly shows their ignorance of security.

The reporter that exposed the problem should not
be booted from future conferences, he should be
welcomed back!

Re:Did they forget there role?

[mwvdlee]

So basically the french got kicked not for hacking but for being a bunch of scriptkiddies that wanted to demonstrate they could "hack" a network known to be badly secured. Rightly so. These journalists wouldn't have been able to report on the real hacks; they wouldn't understand them.