July 31, 2010

Even security conferences suffer from vulnerabilities

Whoops, it looks like the folks who developed the registration website for the Blackhat security conference have a little security issue themselves. As Michael Coates reported, the website that is used to register for access to some of the live talks from the conference is vulnerable to a hack where an attacker could obtain free access to paid content.

For a fee the conference offers access to select talks that are streamed live. Well Micheal found a vulnerability where he was able to access the stream without providing his credit card. Oops.

The good news out of all of this is the response from the company who developed the website responded quickly to Michael's call and within 4 hours had a fix installed. Further Michael followed responsible disclosure and did not disclose the issue until after the site was fixed.

No comments: