Cатсн²² (in)sесuяitу / ChrisJohnRiley

It appears that the discussions about tomorrows 25C3 “Making the theoretical possible” talk by Alex Sotirov and Jake Appelbaum about critical infrastructure is reaching a peak. In a post on the Breakingpoint Systems blog, HD Moore talks about the possible repercussions of the talk and the research done to prove the attack. I’ll be at the talk tomorrow and hope to post some more information as it becomes available.

The blow is an excert from HD’s blog post .:

“First things first; the reason for secrecy. Their research combined a known weakness in one area with a massive resource investment in another to show that a third party was vulnerable to a practical attack that affects the security of all Internet users. Security researchers often release code and technical documentation to demonstrate a flaw, but in this case, they went a step further and used the attack in the real world to obtain proof that it works. This process required interaction with a third party that will likely do whatever they can to save face once the details become public.

To prepare for the fallout, Alexander and Jacob have been working with a legal team to review their work and advise them on the best way to disclose the issue without finding themselves at the receiving end of a lawsuit.”

Looks like the last day of 25C3 will be a good one…. reserve your seats early 😉