Mozilla Finds Flaw With Black Hat Video Stream
An anonymous reader writes "Mozilla web security researcher Michael Coates found a flaw in Black Hat's paid video feed. The flaw allowed him to watch a live feed of the conference for free instead of the $395 a head to connect. Unlike many presenters at Black Hat, Michael responsibly disclosed the flaw to organizers, who quickly fixed the issue."
Unlike many presenters at Black Hat, Michael responsibly disclosed the flaw to organizers, who quickly fixed the issue.
If that seems like altruism, think: why would Mozilla want a bunch of black hat hackers pissed off at them?
And if there's one thing attendees of Black Hat respect, it's intellectual property... oh wait. Ordinarily I'd say pirating video streams is morally questionable, but hacking access to the video stream of a security conference is so poetic that I refuse to believe it could be evil.
As one who has attended many BlackHat conferences - I take offense to the line "Unlike many presenters at Black Hat, Michael responsibly disclosed the flaw to organizers, who quickly fixed the issue." In my experience, BlackHat presenters have followed responsible disclosure - including this year's high profile ATM exploit talk, which, for instance, cannot be replicated by those in attendance (proof was given that it can be hacked, but the source code was not released) - and the industry certainly knew it was coming for > 1 year - and the end of the presentation gave simple directions about how to mitigate the issues...
Hope is the worst of evils, for it prolongs the torment of man. -- Friedrich Nietzsche
Unlike many presenters at Black Hat, Michael responsibly disclosed the flaw to organizers, who quickly fixed the issue.
It's obvious why it was quickly fixed - because he disclosed it to the people who were losing out from the flaw.
A false contrast is being drawn to situations where a supplier, whose OWN security is not at risk and who frequently sees discovery of flaws as more of a cost than a benefit, is not given sole access to the details of the flaw.
Ahh, can we please stop calling it 'stealing'? If I were to steal a shirt in a store, the store would be deprived of the shirt. That is not the case here.
Call it unethical, freeloading, leeching, but not stealing.
I agree with you, and I also move that we start calling all RIAA employees pedophiles. It's a fine word, not a reference to the criminal code!