
Mozilla Finds Flaw With Black Hat Video Stream

Posted by timothy
from the fair-play dept.
An anonymous reader writes "Mozilla web security researcher Michael Coates found a flaw in Black Hat's paid video feed. The flaw allowed him to watch a live feed of the conference for free instead of the $395 a head to connect. Unlike many presenters at Black Hat, Michael responsibly disclosed the flaw to organizers, who quickly fixed the issue."

  • by Anonymous Coward on Monday August 02 2010, @01:59AM (#33107364)

    I Like it.

  • Of course (Score:5, Insightful)

    by Anonymous Coward on Monday August 02 2010, @02:01AM (#33107376)

    Unlike many presenters at Black Hat, Michael responsibly disclosed the flaw to organizers, who quickly fixed the issue.

    If that seems like altruism, think: why would Mozilla want a bunch of black hat hackers pissed off at them?

  • Re:responsibility (Score:5, Insightful)

    by Cylix (55374) * on Monday August 02 2010, @02:18AM (#33107442) Homepage Journal

    Then exactly how would they sell online streaming events for 395 and equally expensive conference tickets?

  • by YesIAmAScript (886271) on Monday August 02 2010, @02:29AM (#33107478)

    The product has a price. If you take the product without paying, you're stealing the product.

    Why am I supposed to feel bad for those who had illegal free feeds and no longer do?

    Bandwidth does cost money you know. I'll tell you what, I'll just start siphoning gas out of your car. Not so much that you can't afford it, but just a little. No harm done, right?

  • by Anonymous Coward on Monday August 02 2010, @02:29AM (#33107480)
    It's a "black hat" conference. Perhaps the reward for them being stupid enough to have hired a dumb 3rd party to do the video conference is to have, like the OP said, a few (note: "few") people be able to stream for free. The biggest irony is it would be "black-hats" streaming for free from black hats, so the conference people really have no say if they do not want to appear hypocritical.
  • I work with (Score:2, Insightful)

    by Anonymous Coward on Monday August 02 2010, @02:55AM (#33107622)

    the company that organizes these online events. Believe me, this stuff is expensive to put together and while $395 is a lot of money, it does need to be paid for if conferences like this are to exist. Letting people in for free will detract from the exclusivity and ultimate quality of the event online or physical. Being Black Hat, it's not surprising someone figured out an exploit!

  • Misleading (Score:5, Insightful)

    by Anonymous Coward on Monday August 02 2010, @03:21AM (#33107698)

    Unlike many presenters at Black Hat, Michael responsibly disclosed the flaw to organizers, who quickly fixed the issue.

    It's obvious why it was quickly fixed - because he disclosed it to the people who were losing out from the flaw.

    A false contrast is being drawn to situations where a supplier, whose OWN security is not at risk and who frequently sees discovery of flaws as more of a cost than a benefit, is not given sole access to the details of the flaw.

  • by YesIAmAScript (886271) on Monday August 02 2010, @03:35AM (#33107758)

    Just because the price is high doesn't make it not stealing.

    If you think the product provides a poor value, then don't buy it and do without. Just as you would do if it were a shirt in a store.

  • by Okind (556066) on Monday August 02 2010, @03:37AM (#33107766) Homepage

    Unlike many presenters at Black Hat, Michael responsibly disclosed the flaw to organizers, who quickly fixed the issue.

    Bugs cost money to fix. In this case, fixing the bug could also cause more paying customers (the freeloaders also willing to pay, no matter how small their number). So it was in their best interest to fix the bug.

    But let's be realistic here: Michael Coates was lucky.

    There are many instances (some of them documented extensively here), where reporting the bug causes the reporter financial and legal harm. Especially with security related bugs, companies see no potential gain in fixing the bug and cleaning up -- only costs, which piss off their investors. That is, unless the story gets out and people get angry. But by starting a fight with the honest, responsible reporter, people are much more likely to think: 'must be a disgruntled customer/ex-employee/...'. Result: not enough bad publicity to raise a stink.

  • by iammani (1392285) on Monday August 02 2010, @03:49AM (#33107824)
    Ahh can we please stop calling it 'stealing'. If I were to steal a shirt in a store, the store would be deprived of the shirt. That is not the case here.

    Call it unethical, freeloading, leeching, but not stealing.
  • Re:responsibility (Score:3, Insightful)

    by Hinhule (811436) on Monday August 02 2010, @05:12AM (#33108106)

    Most likely they want actual attendees and if it's too cheap to just watch the stream these computer people may just sit and watch it from the comfort of their own mancave instead of showing up.

  • by tehcyder (746570) on Monday August 02 2010, @07:15AM (#33108476) Journal

    In any case, here you deprive somebody of the money he should have received,

    Agreed, some people deserve money just because!

    No, they deserve money because they provided a service. Or do you not think that lawyers, programmers, stockbrokers and architects should not be paid, just because they haven't created a physical object?

  • Re:I work with (Score:1, Insightful)

    by Anonymous Coward on Monday August 02 2010, @08:02AM (#33108678)

    Let's face it, black hat is just a shitty conference attended by self-proclaimed security researchers. And it's too expensive.

  • Re:Of course (Score:4, Insightful)

    by RebelWebmaster (628941) on Monday August 02 2010, @09:20AM (#33109180)
    I would say that "Do unto others as you would have them do unto you" would be appropriate in this situation.
