Slashdot Mirror


Mozilla Finds Flaw With Black Hat Video Stream

An anonymous reader writes "Mozilla web security researcher Michael Coates found a flaw in Black Hat's paid video feed. The flaw allowed him to watch a live feed of the conference for free instead of the $395 a head to connect. Unlike many presenters at Black Hat, Michael responsibly disclosed the flaw to organizers, who quickly fixed the issue."

5 of 106 comments

  1. Of course by Anonymous Coward · · Score: 5, Insightful

    Unlike many presenters at Black Hat, Michael responsibly disclosed the flaw to organizers, who quickly fixed the issue.

    If that seems like altruism, think: why would Mozilla want a bunch of black hat hackers pissed off at them?

  2. Re:responsibility by Cylix · · Score: 4, Insightful

    Then exactly how would they sell online streaming events for 395 and equally expensive conference tickets?

    --
    "You should always go to other people's funerals; otherwise, they won't come to yours." -- Yogi Berra

  3. Misleading by Anonymous Coward · · Score: 5, Insightful

    Unlike many presenters at Black Hat, Michael responsibly disclosed the flaw to organizers, who quickly fixed the issue.

    It's obvious why it was quickly fixed - because he disclosed it to the people who were losing out from the flaw.

    A false contrast is being drawn to situations where a supplier, whose OWN security is not at risk and who frequently see discovery of flaws as more of a cost than a benefit, is not given sole access to the details of the flaw.

  4. It could have ended up very different by Okind · · Score: 4, Insightful

    Unlike many presenters at Black Hat, Michael responsibly disclosed the flaw to organizers, who quickly fixed the issue.

    Bugs cost money to fix. In this case, fixing the bug could also cause more paying customers (the freeloaders also willing to pay, no matter how small their number). So it was in their best interest to fix the bug.

    But let's be realistic here: Michael Coates was lucky.

    There are many instances (some of them documented extensively here), where reporting the bug causes the reporter financial and legal harm. Especially with security related bugs, companies see no potential gain in fixing the bug and cleaning up -- only costs, which piss off their investors. That is, unless the story gets out and people get angry. But by starting a fight with the honest, responsible reporter, people are much more likely to think: 'must be a disgruntled customer/ex-employee/...'. Result: not enough bad publicity to raise a stink.

  5. Re:because it's stealing by iammani · · Score: 5, Insightful

    Ahh can we please stop calling it 'stealing'. If I were to steal a shirt in a store, the store would be deprived of the shirt. That is not the case here.

    Call it unethical, freeloading, leeching, but not stealing.