Mozilla Finds Flaw With Black Hat Video Stream
An anonymous reader writes "Mozilla web security researcher Michael Coates found a flaw in Black Hat's paid video feed. The flaw allowed him to watch a live feed of the conference for free instead of the $395 a head to connect. Unlike many presenters at Black Hat, Michael responsibly disclosed the flaw to organizers, who quickly fixed the issue."
Re:Of course (Score:2, Interesting)
responsibility (Score:3, Interesting)
The responsibility aspect is one area where the Black Hat guys could earn a lot of respect by doing the right thing. It's a dick move to just disclose stuff without giving companies a chance to fix their mistakes, no matter how stupid it is.
Prisoner's Dilemma? (Score:2, Interesting)
Interesting. You have an unknown number of users accessing the video feeds for free. The system has equilibrium and is yet unstable (they might find out at any time and block everyone). Now enter one prisoner who rats out everyone else. The end result? That one individual gets a free legitimate account and free access to the video streams while everyone else has their access blocked.
Honestly? It sounds like Michael Coates is a little bit of a douche. A small handful of users accessing the stream for free doesn't really hurt anything and it's not like this was some serious security vulnerability. Reading his blog post, he makes it sound more like he uncovered some huge security exploit. Truth is all he really did is save a somewhat inept third party development company a little bandwidth money.
He should have just waited until the conference was finished and then notified them for future reference. That way everyone clever enough to notice the exploit got their little bonus and the company learns its lesson. No real harm done.
Re:Prisoner's Dilemma? (Score:2, Interesting)
Responsible Disclosure (Score:5, Interesting)
Re:Prisoner's Dilemma? (Score:3, Interesting)
Re:Prisoner's Dilemma? (Score:3, Interesting)
Ordinarily I'd say pirating video streams is morally questionable, but hacking access to the video stream of a security conference is so poetic that I refuse to believe it could be evil.
The best example that being a cracker is not synonymous with being dishonest.
Even more, I see it as a good example of a wise strategy in the long term: disclosing the flaw before giving the organizers a chance to patch it would have exposed the organizers to ridicule. And one would rely on the same ridiculed persons to have a DEFCON 2011? Opportunism rarely makes good sense in scarcity conditions.
Re:Of course (Score:1, Interesting)
If that seems like altruism, think: why would Mozilla want a bunch of black hat hackers pissed off at them?
If this post sounds like cynicism, it is.