Surprise: Attempt To Suppress Security Research Blows Up In Company's Face

from the instant-karma dept

Thu, Mar 8th 2007 1:10pm — Joseph Weisenthal

The big story out of last week's Black Hat security conference was that HID Global, a maker of RFID-based door entry cards, managed to prevent a demonstration of how their products were vulnerable to cloning. What made their threats particularly odious was their claim that the presenters were somehow engaging in patent infringement by demonstrating the attack. More broadly, however, this kind of intimidation is almost always a mistake. It only made the company look like bullies with something to hide. It seems that the company may already be paying the consequences for its heavy-handed actions, as the DHS is said to now be examining the vulnerability further. HID Global is now backtracking, saying that it never intended to prevent the presentation from happening, although they don't seem to explain how everybody got that impression. Either way, any hope that the company had in keeping this threat quiet is now totally lost.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

9 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

dataGuy, 8 Mar 2007 @ 1:20pm

Change Icon
I think it's time you create a "Barbra Streisand" icon to identify these types of stores :-)
[ link to this | view in chronology ]
- Betaflame, 8 Mar 2007 @ 1:27pm
  
  Re: Change Icon
  I second that motion.
  [ link to this | view in chronology ]
Geoffrey Kidd, 8 Mar 2007 @ 1:29pm

Hmmm...
If HID Global really wants to convince anybody that a claim of patent infringement and suing IOActive down to their belly-button lint wasn't intended to prevent the demo, they're going to have to take drastic action.

May I suggest that they take the lawyer who wrote the letter AND the president of HID out, and, in public, string them up by their thumbs and give them fifty scarring lashes?

Of course, this is NOT intended to advocate any sort of punitive action against HID or anyone associated with it.
[ link to this | view in chronology ]
Witty Nickname, 8 Mar 2007 @ 2:51pm

Aren't we due an energy efficent light bulb logo before we get one of Babbs?
[ link to this | view in chronology ]
Dosquatch, 8 Mar 2007 @ 4:59pm

DHS? Really?
I'm not sure on what grounds the DHS is investigating this. I mean, not unless it's personal or something.

"Hey, Bob, come check this article out."
"Hmmm. Yeah? So?"
"Well, aren't those the keycards that WE use?"
"Ohhhhhh.... shit."
[ link to this | view in chronology ]
- Anonymous Coward, 8 Mar 2007 @ 6:10pm
  
  Re: DHS? Really?
  Actually, you're pretty close. Aren't something like 300 million cards like this in use around the country? I have two here on my desk: one from my former Unix OS Developer job, and now for my current Government Security Analyst job. Which system would DHS prefer not be hackable by their imaginary nefarious people? the OS which drives the stock market, or the unnamed government office where I may or may not currently work?
  
  This is one DHS effort which, at last, doesn't make them look bumbling and stupid.
  [ link to this | view in chronology ]
Kevin Delaney, 8 Mar 2007 @ 5:14pm

Patent Laws Should Stop ID Theft
Gosh, I think that if people knew that cloning security cards violated a patent, they wouldn't do it. I would imagine that a well run, professional criminal organization would do patent checks on all of the devices that they develop in their criminal career.
[ link to this | view in chronology ]
|333173|3|_||3, 10 Mar 2007 @ 3:22am

I've used the RFID cards, and I have seen how little time they take to have a new value written on one. THe machines for writing them are readily avaliable, as are the machines for printing ID cards, so making a fake ID card with key would not be too difficult. Presumably HID sells writers for these cards so they can be re-used.
[ link to this | view in chronology ]
Mr. Big, 28 Mar 2007 @ 9:36am

Our evaluation
We have dropped HID from consideration in our corporate ID card implementation. Since they don't support open discussion of security issues we cannot be assured they provide a secure prouct and more importantly, feel security is important.
[ link to this | view in chronology ]