Slashdot Mirror


Fake Password Reset E-mail Hits 7,500 Black Hat Registrants

An anonymous reader writes "7,500 Black Hat USA 2012 attendees may have been surprised to get a fake password reset e-mail sent to accounts they used to register for the conference. Black Hat has apologized and explained the lame phishing spam attempt."


  1. I would be deeply saddened by Anonymous Coward · · Score: 5, Funny

    ...if any of them fell for it.

    1. Re:I would be deeply saddened by Mabhatter · · Score: 4, Insightful

      They totally deserve that? Why would you sign up for a "Black Hat" event with an important account? The trusting fools!

    2. Re:I would be deeply saddened by LordLimecat · · Score: 3, Informative

      This wasn't something "to fall for"-- the emails were legit in that they really came from BlackHat registration. That everyone thinks the summary is accurate is a little hilarious.

      I mean, the article wasn't exactly lengthy, and they even gave an executive summary:

      This morning, some idle hands browsed their way to a screen that looked like this:

      We would provide a better screenshot, but that actually ends in sending an email. Call it a 'feature'. The link provided in the email is to an onsite host on our registration network.

      Basically, a volunteer went to a place they shouldn't have, which resulted in reset emails being fired off to everyone.

      Nowhere does it say or imply that it was a phishing attempt. I'm glad the editors are continuing the fine tradition of not even opening the links of the article they are supposed to be reviewing.

    3. Re:I would be deeply saddened by Shoten · · Score: 4, Interesting

      You've clearly never even looked at the speakers list or topics for Black Hat. It's not at all watered down; in fact, there used to be a time when a good enough talk would be given at both...but at Defcon, the talk would leave out certain details and depth. By no means is what's delivered light, either...Moxie Marlinspike revealed how to subvert SSL, for example. Dug Song and Thomas Lopatic revealed how to root a Checkpoint Firewall (back when Checkpoint was the big one to get). Major and very serious vulnerabilities in AMI meters (used for Smart Grid) were revealed by IOActive...the list goes on. And you get an incredible mix of major industry players like Cisco and Apple speaking frankly (there's a talk this year on the security architecture of Apple's iOS) along with independent researchers and even lateral thinkers. Jose Nazario...now the Senior Manager for Security Research at Arbor Networks, and a Board Member at the Honeynet Project, gave a talk when he was fresh out of finishing his Ph.D. in biochemistry...on viral propagation algorithms for computer viruses. It turns out that what he did his thesis on...viral propagation models for biological viruses...mapped directly to the concept, and the man never worked a day in the biochem field after he finished his doctorate.

      So, just because you're not able to afford the ticket, or for some reason you can't gain entry into the infosec field (past criminal record, perhaps? Caught with the ganja, were we?), don't try to tarnish the people trying to share information at the front end of things.

      --

      For your security, this post has been encrypted with ROT-13, twice.
  2. Re:I can explain. by Anonymous Coward · · Score: 3, Funny

    I can tell, since it's actually the second post.

  3. Re:How many peeps fell for it? by Sir_Sri · · Score: 4, Insightful

    These are the elite

    No, some of them are elite hackers, some of them are just trying to keep up with the mischief elite hackers are going to be creating or trying to feel like they're part of the culture.

  4. Re:the ironing by philip.paradis · · Score: 4, Funny

    Man, I've heard of some strange fetishes in my time, but savoring the flavor of freshly ironed clothing is a first in my book. Do you prefer light or heavy starch?

    --
    Write failed: Broken pipe
  5. The Reply by azalin · · Score: 5, Insightful

    An automatic reply should have been sent to everyone who fell for it:

    Your reservation has been revoked. Please invest some time in learning basic security guidelines before applying again.
    Best regards

  6. Shit security by FormOfActionBanana · · Score: 4, Interesting

    Shit security on their end, and that posting does NOT look like an apology.

    And what's this BS about expecting the most hostile network? I thought that was DEFCON...

    --
    Take off every 'sig' !!
  7. Re:the ironing by WrongSizeGlass · · Score: 3, Insightful

    Actually, it's a Simpsons reference from "The Simpsons: Grift of the Magi (#11.9)" (1999)