LAS VEGAS--On the eve of this year's Black Hat Briefings here, officials disputed a researcher's claim that his talk had to be canceled. They say the talk never even existed.
Last Thursday, researcher Charles Edge told Brian Krebs of The Washington Post that a talk on a previously disclosed flaw within the encryption for Apple FileVault had to be canceled because of a signed agreement with Apple.
The story had the individuals at Black Hat who handle the Call for Papers--the process by which a researcher submits a request to make a presentation and then waits to hear back from the conference--scrambling. Edge, who goes by the nickname "Krypted," is a well-known Apple security researcher who has previously presented at both Black Hat and its Defcon sister conference.
But on Tuesday, two different Black Hat officials told CNET News that Edge never submitted a paper for this year's conference.
In comments to CNET News, which have been edited for readability, Edge had a lot to say:
I submitted the talk, and later sent a second submission using the same system to then ask to be removed from consideration. As an alumni speaker, I know from experience that the entire Black Hat organization is run extremely well. Why they cannot find me in their system, I cannot speak to.
When this story first came to light, it was The Washington Post who contacted me, asking why the talk had been removed from consideration--and not I who contacted them. I had not, in fact, discussed the talk with anyone between the time that I rescinded the talk and the time I received the call from The Washington Post, and...their source (remains unclear).
It is correct that the reason I did not give the talk was due to various nondisclosure agreements; however, Apple was, to my knowledge, not aware of the talk, and there was no contact between them and myself, nor between them and anyone from my company, 318, in regard to the talk prior to my asking to be removed from consideration.
If it was by some error on my part that the talk was not submitted properly, then this further underscores why this issue is not a big deal. Submitting and then rescinding it has a similar effect to not having submitted at all. If the abstract never made its way into the CFP system, then it simply narrows down the list of people who I need to touch base with that could have been Brian's initial source.
Meanwhile, a Black Hat representative confirmed that a panel discussion titled "Meet the Apple Security Experts" was canceled by its moderator. The panel still appears in the printed schedule for the conference because the cancellation came too late to change the printing. All other references have been removed.
Just days before the annual Black Hat security conference in Las Vegas, a talk on Apple's FileVault encryption system has been abruptly canceled by its presenter.
Researcher Charles Edge told the Washington Post that he had signed confidentiality agreements with Apple. The agreements prevent him from discussing further any vulnerabilities he may have found within Apple's FileVault encryption system. Edge, director of technology of 318 Inc., has spoken at previous Black Hat and DefCon conferences.
This is not the first time a vendor has asked a security researcher not to give a talk at Black Hat.
In 2005, then-ISS employed researcher Micheal Lynn was asked by Cisco not to present a talk on flaws within that company's routers. Onstage at Black Hat, Lynn first quit his job, then went ahead and gave his original talk. Afterward, he, too, signed a confidentiality agreement with Cisco.
- prev
- 1
- next
