Fake Password Reset E-mail Hits 7,500 Black Hat Registrants
An anonymous reader writes "7,500 Black Hat USA 2012 attendees may have been surprised to get a fake password reset e-mail sent to accounts they used to register for the conference. Black Hat has apologized and explained the lame phishing spam attempt."
Shit security on their end, and that posting does NOT look like an apology.
And what's this BS about expecting the most hostile network? I thought that was DEFCON...
Take off every 'sig' !!
First off, Black Hat is not for the elite. Black Hat is the watered down version of DefCon, made palatable for people and businesses who are afraid of being associated with the criminal element of hacking. While there is some good information to be had at Black Hat, it is generally a pale shadow of what can be found at DefCon. That said, DefCon is a pale shadow of its former self, not in terms of attendance for sure, but definitely in terms of content. For content you must now go to B-Sides, Skytalks, etc., or smaller group meetings in a non-public venue. As far as the "why sign up" using an important account question, what a stupid question. The account is not you; if you are dumb enough to fall for a phishing attempt, it does not matter if it is your main or a throw-away account, as the mentality that falls for such things rarely uses a unique password for each and every on-line service, list membership, etc. Protecting yourself against this kind of crap requires you to not only have a brain, but to use it, ask relevant questions, and trust no sources, ever, no matter what.
You've clearly never even looked at the speakers list or topics for Black Hat. It's not at all watered down; in fact, there used to be a time when a good enough talk would be given at both...but at Defcon, the talk would leave out certain details and depth. By no means is what's delivered light, either...Moxie Marlinspike revealed how to subvert SSL, for example. Dug Song and Thomas Lopatic revealed how to root a Check Point Firewall (back when Check Point was the big one to get). Major and very serious vulnerabilities in AMI meters (used for Smart Grid) were revealed by IOActive...the list goes on. And you get an incredible mix of major industry players like Cisco and Apple speaking frankly (there's a talk this year on the security architecture of Apple's iOS) along with independent researchers and even lateral thinkers. Jose Nazario...now the Senior Manager for Security Research at Arbor Networks, and a Board Member at the Honeynet Project, gave a talk when he was fresh out of finishing his Ph.D. in biochemistry...on viral propagation algorithms for computer viruses. It turns out that what he did his thesis on...viral propagation models for biological viruses...mapped directly to the concept, and the man never worked a day in the biochem field after he finished his doctorate.
So, just because you're not able to afford the ticket, or for some reason you can't gain entry into the infosec field (past criminal record, perhaps? Caught with the ganja, were we?), don't try to tarnish the people trying to share information at the front end of things.
For your security, this post has been encrypted with ROT-13, twice.