It's funny.  Laugh. Security

Reporters At Black Hat Get Bounced For Hacking 128

rickb928 and several others have written to inform us that three reporters for the French publication "Global Security Magazine" were booted out of the Black Hat convention for uncovering the login information of other reporters. Quoting the AP: "The separate, wired Internet connections set up for reporters are supposed to be off-limits to hacking and the Wall of Sheep. Even so reporters who didn't take the extra step and log onto the Internet through an additional secure connection like a virtual private network, risked having their data exposed to colleagues sitting just feet away. It didn't appear to be a complicated hack. The network was working properly, but it wasn't set up to shield each journalist's computer from one another."
This discussion has been archived. No new comments can be posted.

  • I guess (Score:5, Interesting)

    by Korbeau ( 913903 ) on Friday August 08, 2008 @10:08PM (#24534317)

    nobody plays Uplink [introversion.co.uk] enough these days.

  • by argent ( 18001 ) on Friday August 08, 2008 @10:20PM (#24534375)

    One Usenix there was an announcement that everyone who had used Kerberos to log in from the terminal room needed to set up new keys. Another finished with a paper on what someone had sniffed on the Wifi LAN.

    So it's no bloody surprise it's happened at Black Hat. Not that the guys who did it were justified, and they're lucky they were just booted out, but anyone who doesn't use encrypted VPNs or encrypted tunnels at ANY technical conference is asking for trouble.

  • by LostCluster ( 625375 ) * on Friday August 08, 2008 @10:31PM (#24534435)

    We're all taught in network design class that a switch, unlike a hub, doesn't send traffic that's not yours to you, then learn in security class that it's easy to turn a switch into a hub.

  • Two people... (Score:5, Interesting)

    by Eggplant62 ( 120514 ) on Friday August 08, 2008 @10:42PM (#24534485)

    ... are seated in a noisy restaurant, yelling back and forth to each other from one side of the table to the other. I'm sitting 3 tables away and can hear them.

    Am I hacking??

  • by CrazedWalrus ( 901897 ) on Friday August 08, 2008 @11:06PM (#24534625)

    I don't understand this very well, so someone who does please chime in.

    Switches use your Ethernet card's MAC address (not IP) to know how to route Ethernet frames across the switch. It knows that MAC AB:CD:EF:etc is on port 1, and 12:34:56:etc is on port 2. Because you can daisy-chain switches, it actually has to remember a many-MACs-to-1-port sort of mapping.

    Switches can only remember a finite number of MAC addresses, so if you overflow the memory of the switch with bogus MAC addresses, it fails over to hub mode and just broadcasts all the packets to all the ports. It's not pretty, and would cause the network to get slower, but at least it would continue to work.

    As I can't see hubs being used at a Black Hat conference, I'd guess this is the sort of thing the reporters did. I'm sure there's a name for it... probably "ARP Cache Smashing" or something, but I don't know it.

    Anyway, if someone can give a better explanation, I'd be grateful.
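The behaviour discussed in the comment above, as a toy model added here (not part of the original thread): a learning switch sends a frame out of every other port when the destination MAC is not in its table, so once the table is full a host that has not yet been learned has its traffic flooded. A per-port address cap, the idea behind switch port-security features, keeps one port from filling the table. The class name, table size and MAC addresses are constructed for illustration.

```python
# Toy model of a learning switch. Nothing here touches a real network;
# all MAC addresses and sizes are constructed sample values.
class LearningSwitch:
    def __init__(self, ports, table_size, per_port_limit=None):
        self.ports = list(ports)
        self.table_size = table_size          # finite MAC table capacity
        self.per_port_limit = per_port_limit  # None = no per-port cap
        self.table = {}                       # MAC -> port
        self.violations = {}                  # port -> frames dropped by the cap

    def _learn(self, src, port):
        """Record the source MAC; return False if the frame must be dropped."""
        if src in self.table:
            self.table[src] = port            # known address (possibly moved)
            return True
        if self.per_port_limit is not None:
            on_port = sum(1 for p in self.table.values() if p == port)
            if on_port >= self.per_port_limit:
                self.violations[port] = self.violations.get(port, 0) + 1
                return False                  # cap reached: drop and count
        if len(self.table) < self.table_size:
            self.table[src] = port            # a full table silently stops learning
        return True

    def forward(self, src, dst, in_port):
        """Return the list of ports the frame is sent out of."""
        if not self._learn(src, in_port):
            return []
        out = self.table.get(dst)
        if out is not None:
            return [] if out == in_port else [out]
        return [p for p in self.ports if p != in_port]  # unknown destination: flood


def simulate(per_port_limit):
    sw = LearningSwitch(ports=[1, 2, 3], table_size=8, per_port_limit=per_port_limit)
    sw.forward("aa:aa:aa:aa:aa:01", "ff:ff:ff:ff:ff:ff", 1)     # host A is learned
    for i in range(20):                                         # port 3 shows 20 source MACs
        sw.forward(f"02:00:00:00:00:{i:02x}", "aa:aa:aa:aa:aa:01", 3)
    sw.forward("bb:bb:bb:bb:bb:02", "aa:aa:aa:aa:aa:01", 2)     # host B speaks afterwards
    # Where does A's reply to B go, and what did the cap record?
    return sw.forward("aa:aa:aa:aa:aa:01", "bb:bb:bb:bb:bb:02", 1), sw.violations


if __name__ == "__main__":
    print("no cap:       ", simulate(None))
    print("2 MACs / port:", simulate(2))
```

Without the cap, A's reply to B leaves on ports 2 and 3; with it, the reply goes only to port 2 and the violation counter on port 3 is the signal a monitoring system would alert on.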

  • Re:I guess (Score:1, Interesting)

    by Anonymous Coward on Friday August 08, 2008 @11:08PM (#24534633)

    Eh, you hafta pay for it or pirate it though.

    I always thought mod-x [mod-x.co.uk] was way more fun, although I could never beat the last stage of level 8.

  • Re:To prove a point (Score:3, Interesting)

    by mrboyd ( 1211932 ) on Saturday August 09, 2008 @03:49PM (#24539133)
    The mistake of the journalist was to assume that any network at all is secure.

    They were lucky their account info was only stolen for "fun"; I doubt anyone else would have had the decency to tell them they had been compromised.

    I will side with the people who think that if you attend a "black hat" conference and dare use a) a computer that you don't own, b) on a network that you don't know, c) to access unencrypted private information, you are fair game.

    IMHO:
    1/ The journalists that were "hacked" don't deserve to write about a topic they can't seem to grasp.

    2/ The Black Hat organizer should be begging for pardon for being so grossly incompetent that they have set up a network which is either plugged into a hub or with a router so lame that ARP spoofing is still an option. The "hack" is not detailed and I assume that by "proper separation of the workstation" they mean "Plugged everyone on a hub".

    3/ Finally, because there are two sides to a coin, those "hacker" journalists were in clear breach of the journalist ethos, which is to report the news and not create the news. There are enough bad journalists around and I don't think those will be missed.

    4/ In the AP news the EFF sounds like a bunch of trigger-happy hirsute lawyers ready to sue anyone for any reason whatsoever just to get their name in a press release.
