Slashdot Mirror

← Back to Stories (view on slashdot.org)

Mozilla Finds Flaw With Black Hat Video Stream

Posted by timothy on from the fair-play dept.

An anonymous reader writes "Mozilla web security researcher Michael Coates found a flaw in Black Hat's paid video feed. The flaw allowed him to watch a live feed of the conference for free instead of the $395 a head to connect. Unlike many presenters at Black Hat, Michael responsibly disclosed the flaw to organizers, who quickly fixed the issue."

14 of 106 comments (clear)

  1. Keeping the Haxors on their Toes. by Anonymous Coward · · Score: 0, Insightful

    I Like it.

  2. Of course by Anonymous Coward · · Score: 5, Insightful

    Unlike many presenters at Black Hat, Michael responsibly disclosed the flaw to organizers, who quickly fixed the issue.

    If that seems like altruism, think: why would Mozilla want a bunch of black hat hackers pissed off at them?

    1. Re:Of course by RebelWebmaster · · Score: 3, Insightful

      I would say that "Do unto others as you would have them do unto you" would be appropriate in this situation.

  3. Re:responsibility by Cylix · · Score: 4, Insightful

    Then exactly how would they sale online streaming events for 395 and equally expensive conference tickets?

    --
    "You should always go to other people's funerals; otherwise, they won't come to yours." -- Yogi Berra
  4. because it's stealing by YesIAmAScript · · Score: 2, Insightful

    The product has a price. If you take the product without paying, you're stealing the product.

    Why am I supposed to feel ad for those who had illegal free feeds and no longer do?

    Bandwidth does cost money you know. I'll tell you what, I'll just start siphoning gas out of your car. Not so much that you can't afford it, but just a little. No harm done, right?

    --
    http://lkml.org/lkml/2005/8/20/95
    1. Re:because it's stealing by YesIAmAScript · · Score: 3, Insightful

      Just because the price is high doesn't make it not stealing.

      If you think the product provides a poor value, then don't buy it and do without. Just as you would do if it were a shirt in a store.

      --
      http://lkml.org/lkml/2005/8/20/95
    2. Re:because it's stealing by iammani · · Score: 5, Insightful

      Ahh can we please stop calling it 'stealing'. If I were to steal a shirt in a store, the store would deprived of the shirt. That is not the case here

      Call it unethical, freeloading, leeching, but not stealing.

    3. Re:because it's stealing by tehcyder · · Score: 2, Insightful

      In any case, here you deprive somebody of the money he should have received,

      Agreed, some people deserve money just because!

      No, they deserve money because they provided a service. Or do you not think that lawyers, programmers, stockbrokers and architects should not be paid, just because they haven't created a physical object?

      --
      To have a right to do a thing is not at all the same as to be right in doing it
  5. Re:Prisoner's Dilemma? by Anonymous Coward · · Score: 2, Insightful

    Its a "black hat" conference. Perhaps the reward for them being stupid enough to have hire a dumb 3rd party to do the video conference is to have, like the OP said, a few (note: "few") people be able to stream for free. The biggest irony is it would be "black-hats" streaming for free from black hats, so the conference people really have no say if they do not want to appear hypocritical.

  6. I work with by Anonymous Coward · · Score: 2, Insightful

    the company that organizes these online events. Believe me, this stuff is expensive to put together and while $395 is a lot of money, it does need to be paid for if conferences like this are to exist. Letting people in for free will detract from the exclusivity and ultimate quality of the event online or physical. Being Black Hat, it's not surprising someone figured out an exploit!

    1. Re:I work with by Anonymous Coward · · Score: 1, Insightful

      Let's face it, black hat is just a shitty conference attended by self-proclaimed security researchers. And it's too expensive.

  7. Misleading by Anonymous Coward · · Score: 5, Insightful

    Unlike many presenters at Black Hat, Michael responsibly disclosed the flaw to organizers, who quickly fixed the issue.

    It's obvious why it was quickly fixed - because he disclosed it to the people who were losing out from the flaw.

    A false contrast is being drawn to situations where a supplier, whose OWN security is not at risk and who frequently see discovery of flaws as more of a cost than a benefit, is not given sole access to the details of the flaw.

  8. It could have ended up very different by Okind · · Score: 4, Insightful

    Unlike many presenters at Black Hat, Michael responsibly disclosed the flaw to organizers, who quickly fixed the issue.

    Bugs cost money to fix. In this case, fixing the bug could also cause more paying customers (the freeloaders also willing to pay, no matter how small their number). So it was in their best interest to fix the bug.

    But let's be realistic here: Micheal Coates was lucky.

    There are many instances (some of them documented extensively here), where reporting the bug causes the reporter financial and legal harm. Especially with security related bugs, companies see no potential gain in fixing the bug and cleaning up -- only costs, which piss off their investors. That is, unless the story gets out and people get angry. But by starting a fight with the honest, reponsible reporter, people are much more likely to think: 'must be a disgruntled customer/ex-employee/...'. Result: not enough bad publicity to raise a stink.

  9. Re:responsibility by Hinhule · · Score: 2, Insightful

    Most likely they want actual attendees and if it's too cheap to just watch the stream these computer people may just sit and watch it from the comfort of their own mancave instead of showing up.