Forwarded from: Jeff Moss <jmoss (at) blackhat.com> At 11:07 PM 9/5/2006, you wrote: > http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9003000 > > By Ira Winkler > September 05, 2006 > Computerworld Snip > Unfortunately, the Black Hat conference's review process for > evaluating new hacks doesn't seem to match the stringency of its > paperwork requirements for nonhacking sessions. With such a flaw in > the system, faked Black Hat demos are all but inevitable. Maybe we > should give these would-be hackers credit: They might not have hacked > Apple or Cisco, but they did hack Black Hat. Ira, Sorry to rain on your pre-conceived notions, but we sent a reviewer, Dominique Brezinski, to evaluate their talk. Dominique got a private version of the talk where the exploit(s) were demonstrated live. We put more effort into validating their presentation, not less. If the demonstration could have been done live without the chance of people capturing the packet stream and the exploit getting out 5 minutes after the demo, it would have. Can you imagine those headlines? Black Hat put the researchers in contact with Apple and hosted a meeting with the Cisco security people who were at the conference. Why do you think it was faked? You were not even there. You could always have called me to check your facts, though. Jeff Moss _________________________________ HITBSecConf2006 - Malaysia The largest network security event in Asia 32 internationally renowned speakers 7 tracks of hands-on technical training sessions. Register now: http://conference.hitb.org/hitbsecconf2006kl/
This archive was generated by hypermail 2.1.3 : Wed Sep 06 2006 - 23:43:27 PDT