Reporters At Black Hat Get Bounced For Hacking
rickb928 and several others have written to inform us that three reporters for the French publication "Global Security Magazine" were booted out of the Black Hat convention for uncovering the login information of other reporters. Quoting the AP:
"The separate, wired Internet connections set up for reporters are supposed to be off-limits to hacking and the Wall of Sheep. Even so reporters who didn't take the extra step and log onto the Internet through an additional secure connection like a virtual private network, risked having their data exposed to colleagues sitting just feet away. It didn't appear to be a complicated hack. The network was working properly, but it wasn't set up to shield each journalist's computer from one another."
You'd think the organizers of the Black Hat convention could properly secure a wired network.
Which they did. They just didn't secure it from the other journalists.
Consider that it is actually impossible to do so, and allow journalists to bring their own laptops. The best you can do is secure a network, not secure the computers on the network, without insisting on admining each such computer -- think Mordac-style.
I'd lay the blame with the Black Hat organizers.
For kicking them? Maybe.
But for allowing it to happen? Not so much.
Don't thank God, thank a doctor!
Each group of journalists could have had their own separate connection to a properly configured router.
Implying they could attack each other, still.
Another thing - there's any number of industry-standard authentication & encryption systems out there. IPsec, 802.1X, RADIUS, etc.
And if someone didn't even bother to use SSL, what makes you think they'll set all these up on their own computer?
The organizers were just lazy...
For what? Not mandating every journalist use a known-good computer? For not blocking port 80 in favor of 443? For allowing these people on the Internet at all?
Tell me -- given that it's impossible to idiot-proof a single computer, how are you proposing that they idiot-proof an entire network of humans -- humans who can and will make mistakes?
Don't thank God, thank a doctor!
That the wired LAN was not secure.
The reporters that allowed their login/passwords to be sniffed should be the ones exposed on the Wall of Sheep.
Talk about being led into a false sense of security.
They *knew* the Wireless was not secure. But to *ASSUME* the wired LAN was to be trusted clearly shows their ignorance of security.
The reporter that exposed the problem should not be booted from future conferences, he should be welcomed back!
You are being MICROattacked, from various angles, in a SOFT manner.