Self-pwned: Black Hat says soz for phishing attack scare
Organisers of the annual Black Hat conference have apologised after an estimated 7,500 conference delegates received a suspicious email yesterday resembling a phishing attack.
The dodgy email, informing entrants of a supposed password reset, was sent out after a volunteer with ITN International, the third-party firm handling on-site registrations for this week’s Las Vegas conference, “pressed the wrong button” on a mail-out webform, the organisers explained.
The email this morning was an abuse of functionality by a volunteer who has been spoken to. This feature has since been removed as a precautionary measure.
There are “no signs of compromise,” said Trey Ford, general manager at Black Hat. Organisers acknowledged the security snafu minutes after the Sunday mail-out, defusing any potential criticism.
Even so, the incident is likely to become a candidate for the Pwnie Awards, Black Hat’s answer to the Golden Raspberry Awards.
The offending email smelled a little phishy for a number of reasons – not least because it came from an organisation other than Black Hat and invited action in a link supplied in an email that didn’t even point to a Black Hat site. The link in the email was broken, however, so if it were a phish, it was never one that was going to work anyway.
A screenshot of the offending email, together with additional security commentary, can be found in a blog post by Paul Ducklin of Sophos. ®