The Irony - Black Hat Video Stream Hack

7/29/2010

Michael Coates

http://michael-coates.blogspot.com/2010/07/irony-black-hat-video-stream-hack.html



Free access to the Black Hat Video Stream? Yep, that was the case. Read on for the whole story.

I was unable to attend Black Hat in person this year. Instead, I decided I would closely monitor Twitter, blogs and the Black Hat page itself to stay up to date. In this process I noticed the new "Black Hat Uplink" service that would allow remote individuals access to streaming Black Hat talks from two select tracks. Great! Now I could watch some talks even though I wasn't there. This sounded perfect and I began the registration process.

However, during registration I was quickly sidetracked by a few oddities in the design. Long story short, I identified a series of flaws that would enable the creation of an account by providing only an email address (e.g., no name, address, phone, etc.), and I was never asked to enter any credit card data. Odd, I thought; perhaps you enter the credit card info upon your first login. The only problem was that I didn't actually have a registration email with a link to the login page. A few select Google searches and I ended up on a relatively vanilla-looking login page. I have a username and a key, let's give it a shot. To my surprise the login was accepted and I was now sitting in front of the live Black Hat video stream.

[...]

