Black Hat says 'canceled' Apple talk never existed
A talk on vulnerabilities in the encryption within Apple FileVault was never submitted, according to officials of the security conference. But researcher Charles Edge begs to differ.
LAS VEGAS--On the eve of this year's Black Hat Briefings here, officials disputed a researcher's claim that his talk had to be canceled. They say the talk never even existed.
Last Thursday, researcher Charles Edge told Brian Krebs of The Washington Post that a talk on a previously disclosed flaw within the encryption for Apple FileVault had to be canceled because of a signed agreement with Apple.
The story had the individuals at Black Hat who handle the Call for Papers--the process by which a researcher submits a request to make a presentation and then waits to hear back from the conference--scrambling. Edge, who goes by the nickname "Krypted," is a well-known Apple security researcher who has previously presented at both Black Hat and its Defcon sister conference.
But on Tuesday, two different Black Hat officials told CNET News that Edge never submitted a paper for this year's conference.
In comments to CNET News, which have been edited for readability, Edge had a lot to say:
I submitted the talk, and later sent a second submission using the same system to then ask to be removed from consideration. As an alumni speaker, I know from experience that the entire Black Hat organization is run extremely well. Why they cannot find me in their system, I cannot speak to.
When this story first came to light, it was The Washington Post who contacted me, asking why the talk had been removed from consideration--and not I who contacted them. I had not, in fact, discussed the talk with anyone between the time that I rescinded the talk and the time I received the call from The Washington Post, and...their source (remains unclear).
It is correct that the reason I did not give the talk was due to various nondisclosure agreements; however, Apple was, to my knowledge, not aware of the talk, and there was no contact between them and myself, nor between them and anyone from my company, 318, in regard to the talk prior to my asking to be removed from consideration.
If it was by some error on my part that the talk was not submitted properly, then this further underscores why this issue is not a big deal. Submitting and then rescinding it has a similar effect to not having submitted at all. If the abstract never made its way into the CFP system, then it simply narrows down the list of people who I need to touch base with that could have been Brian's initial source.
Meanwhile, a Black Hat representative confirmed that a panel discussion titled "Meet the Apple Security Experts" was canceled by its moderator. The panel still appears in the printed schedule for the conference because the cancellation came too late to change the printing. All other references have been removed.