A security expert found a way to catch the talks at Black Hat for free, thanks to bugs in the video streaming service used by the security conference. A security expert found a way to catch the talks at Black Hat for free, thanks to bugs in the video streaming service used by the security conference.Michael Coates, the head of Web security for Mozilla, said he discovered several problems while trying to sign up for the US$395 service. As he went through the sign-up procedure, he was “quickly sidetracked by a few oddities in the design,” he wrote in a blog post describing the incident.He poked around a bit more and discovered that he could register an account without providing anything more than an e-mail address, and then use that account on a test login page to access the videos for free.“Now, to be fair, Black Hat didn’t operate this video service themselves,” Coates wrote. “But its still a bit ironic that the largest hacking conference in the world has this security hole in their video streaming service.” Black Hat’s video streaming was provided by Inxpo this year.This is the first year the conference has made video streaming of conference sessions available, Black Hat Director Jeff Moss said. Like other companies, the conference takes a risk when it works with third parties. “I’m always nervous about those systems, because we don’t get access to their source code and we can’t review it,” he said. “We don’t have time to write video streaming software, so we picked a vendor that we thought was good… apparently they’d never hosted a security stream before.” The hotel partners for Black Hat and its sister conference Defcon usually get a similar type of security penetration test when they start hosting the conferences. For the first year or so, the hotel’s TV systems or phone lines will get hacked, and then they eventually lock things down. “It’s kind of like their trial by fire: Welcome to Black Hat,” said Moss.Coates said that he notified the video streaming company before blogging about the issue, and they quickly fixed the bugs. Inxpo couldn’t immediately be reached for comment.Moss, who runs a conference devoted to the disclosure of security problems, had nothing but praise for Coates’ security find. “Well good for him, that’s cool,” he said. “If you can’t protect your stuff, that’s what happens.”Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert’s e-mail address is robert_mcmillan@idg.com Related content feature Accenture takes an industrialized approach to safeguarding its cloud controls Security was once a hindrance for Accenture developers. But since centralizing the company's compliance controls, the process has never been simpler. By Aimee Chanthadavong Dec 11, 2023 8 mins Compliance Compliance Compliance news analysis LogoFAIL attack can inject malware in the firmware of many computers Researchers have shown how attackers can deliver malicious code into the UEFI of many PCs though BIOS splash screen graphics. By Lucian Constantin Dec 08, 2023 8 mins Malware Vulnerabilities news Google expands minimum security guidelines for third-party vendors Google's updated Minimum Viable Secure Product (MVSP) program offers advice for working with researchers and warns against vendors charging extra for basic security features. By John P. Mello Jr. Dec 08, 2023 4 mins Application Security Supply Chain news New CISO appointments 2023 Keep up with news of CSO, CISO, and other senior security executive appointments. By CSO Staff Dec 08, 2023 28 mins CSO and CISO Careers Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe