Surprise: Attempt To Suppress Security Research Blows Up In Company's Face

from the instant-karma dept

The big story out of last week's Black Hat security conference was that HID Global, a maker of RFID-based door entry cards, managed to prevent a demonstration of how its products were vulnerable to cloning. What made the company's threats particularly odious was the claim that the presenters were somehow engaging in patent infringement by demonstrating the attack. More broadly, however, this kind of intimidation is almost always a mistake. It only made the company look like a bully with something to hide. It seems that the company may already be facing the consequences of its heavy-handed actions, as the DHS is said to now be examining the vulnerability further. HID Global is now backtracking, saying that it never intended to prevent the presentation from happening, although it doesn't seem to explain how everybody got that impression. Either way, any hope that the company had of keeping this threat quiet is now totally lost.


Reader Comments

  1.  
    dataGuy, Mar 8th, 2007 @ 1:20pm

    Change Icon

    I think it's time you create a "Barbra Streisand" icon to identify these types of stories :-)

     

  2.  
    Betaflame, Mar 8th, 2007 @ 1:27pm

    Re: Change Icon

    I second that motion.

     

  3.  
    Geoffrey Kidd, Mar 8th, 2007 @ 1:29pm

    Hmmm...

    If HID Global really wants to convince anybody that a claim of patent infringement and suing IOActive down to their belly-button lint wasn't intended to prevent the demo, they're going to have to take drastic action.

    May I suggest that they take the lawyer who wrote the letter AND the president of HID out, and, in public, string them up by their thumbs and give them fifty scarring lashes?

    Of course, this is NOT intended to advocate any sort of punitive action against HID or anyone associated with it.

     

  4.  
    Witty Nickname, Mar 8th, 2007 @ 2:51pm

    Aren't we due an energy efficient light bulb logo before we get one of Babbs?

     

  5.  
    Dosquatch, Mar 8th, 2007 @ 4:59pm

    DHS? Really?

    I'm not sure on what grounds the DHS is investigating this. I mean, not unless it's personal or something.

    "Hey, Bob, come check this article out."

    "Hmmm. Yeah? So?"

    "Well, aren't those the keycards that WE use?"

    "Ohhhhhh.... shit."

     

  6.  
    Kevin Delaney, Mar 8th, 2007 @ 5:14pm

    Patent Laws Should Stop ID Theft

    Gosh, I think that if people knew that cloning security cards violated a patent, they wouldn't do it. I would imagine that a well run, professional criminal organization would do patent checks on all of the devices that they develop in their criminal career.

     

  7.  
    Anonymous Coward, Mar 8th, 2007 @ 6:10pm

    Re: DHS? Really?

    Actually, you're pretty close. Aren't something like 300 million cards like this in use around the country? I have two here on my desk: one from my former Unix OS Developer job, and now for my current Government Security Analyst job. Which system would DHS prefer not be hackable by their imaginary nefarious people? The OS which drives the stock market, or the unnamed government office where I may or may not currently work?

    This is one DHS effort which, at last, doesn't make them look bumbling and stupid.

     

  8.  
    |333173|3|_||3, Mar 10th, 2007 @ 3:22am

    I've used the RFID cards, and I have seen how little time they take to have a new value written on one. The machines for writing them are readily available, as are the machines for printing ID cards, so making a fake ID card with key would not be too difficult. Presumably HID sells writers for these cards so they can be re-used.

     

  9.  
    Mr. Big, Mar 28th, 2007 @ 9:36am

    Our evaluation

    We have dropped HID from consideration in our corporate ID card implementation. Since they don't support open discussion of security issues we cannot be assured they provide a secure product and more importantly, feel security is important.

     
