The annual Black Hat Briefings hacker conference got off to a rocky start Sunday after thousands of registered attendees received a fishy-smelling "account password reset" e-mail containing a suspicious URL. Hours later, however, a message from conference organizers said the errant e-mail was no phishing attack, merely an "abuse of functionality" by a bored Black Hat volunteer.
The e-mail, with the subject line "Your admin password," was sent at around 11:50 AM on Sunday to roughly 7,500 people who had registered to attend the annual hacker confab in Las Vegas, Nevada.
The brief e-mail, sent from an address at itn-international.com, read: "This is a note from BlackHat 2012. You have requested a new password. Here are your details." That message was followed by blank Username and Password fields and a URL that recipients were asked to use to sign in.
Reaction from Black Hat's notoriously security-conscious attendees was swift. Security experts took to Twitter to ask about what many assumed was a phishing e-mail or social engineering attack.
"Just got a fake pw reset email for my #blackhat account. And so it begins..." wrote Bob Lord (@boblord) of Twitter's own security team.
Just three hours later, however, conference organizers put jangled nerves to rest, acknowledging in a blog post that a volunteer tinkering with a loosely secured script on a Black Hat registration server belonging to ITN, the company handling Black Hat's registration, was responsible for sending the e-mail blast to conference attendees.
"We have reviewed the server logs, we know the user, host, and have spoken with the volunteer who has emailed each of you this morning...The email this morning was an abuse of functionality by a volunteer who has been spoken to," wrote Black Hat general manager Trey Ford. "This feature has since been removed as a precautionary measure."
The annual Black Hat Briefings show, which takes place in Las Vegas, brings together some of the world's top hacking talent. The show is no stranger to hacks, practical jokes and legal blow-ups. Attendees who connect to conference resources from insecure laptops, Web browsers or wi-fi connections are known to be called out publicly on a giant "Wall of Sheep." Security experts are also more than happy to use the Black Hat network and conference attendees as their testbed. In 2010, for example, a security expert showed how Internet users could view the conference proceedings for free by exploiting vulnerabilities in Black Hat's web site.
Courtesy of Paul Roberts