


Black Hat takes heat on data leak talk

Aug 02, 2007
Data and Information Security

At least one Black Hat talk has been pulled from this year’s conference and it looks like we’ve come close to missing another. This time, the talk in question was Eric Monti & Dan Moniz’s presentation on “Defeating Information Leak Prevention,” which had been scheduled for Wednesday.

When I checked in to Black Hat here in Las Vegas Tuesday night, I asked the show’s organizer, Jeff Moss, if we were likely to see any Ciscogate fireworks this year, and he said that maybe one of Wednesday’s afternoon talks would get yanked. Jeff wouldn’t tell me any specifics, but in trolling the show floor today, reliable sources fingered the leak prevention talk, which apparently came under fire from an unnamed data leak vendor who was not only unhappy with having its products mentioned in the talk, but also objected to responsible disclosure on flaws in the category of data leak detection products.

It seems that when it comes to security vulnerability disclosure, few are testier than security vendors themselves.

Monti & Moniz’s talk was yanked from the program today, but a sanitized version is apparently set to go ahead Thursday afternoon.

I wonder who complained, and how embarrassing these vulnerabilities really are? From the talk abstract:

We’ve been evaluating a number of products in this space and have run across a large number of vulnerabilities. They range from improper evidence handling, to inherent design issues, all the way to complete compromise of an enterprise, using the Extrusion Detection framework itself as the vehicle.