Juniper Networks Gags "ATM Jackpot" Researcher
RISKY.BIZ EXCLUSIVE -- A demonstration in which security researcher Barnaby Jack would "jackpot" an ATM live on stage at the upcoming Black Hat security conference in Las Vegas has been pulled by his employer.
Security and network device vendor Juniper Networks forced Mr. Jack to cancel his presentation, an anticipated highlight of the Black Hat event, following pressure from the affected ATM vendor. The demonstration would have seen the researcher hack an ATM live on stage, causing it to spit out cash, or "jackpot".
"The affected ATM vendor has expressed to us concern about publicly disclosing the research findings before its constituents were fully protected," a statement issued by Juniper Networks reads. "Considering the scope and possible exposure of this issue on other vendors, Juniper decided to postpone Jack’s presentation until all affected vendors have sufficiently addressed the issues found in his research."
Risky.Biz understands the ATM vendor had been given notification of the upcoming presentation, and Juniper Networks was initially happy for Mr. Jack to present his research findings publicly.
Security researcher and the maintainer of the Open Source Vulnerability Database, Brian Martin, told Risky.Biz the cancellation of security-themed presentations by researchers' employers is an all-too-common experience. "Why does it come down to the vendor changing their mind or waiting to pressure," he asks. "They knew about the research, knew about the talk."
The latest cancellation echoes a similar event in 2005, when a talk on vulnerabilities in Cisco equipment by Michael Lynn was pulled from the conference by the networking giant in cooperation with Lynn's employer, security software maker ISS, which is now a division of IBM.
In a dramatic twist, Lynn resigned and gave his talk anyway. Ironically, he was hired by Juniper Networks, where he still works to this day.
In 2008 a talk on flaws in Apple's FileVault encryption technology was also pulled following pressure from the computer maker.
A security researcher who did not wish to be named expressed his disappointment at the cancellation. "It is a shame that this work won't see the light of day, at least for now," he told Risky.Biz. "Barnaby has always done great work and it would be great to learn some of his innovative new approaches to attacking systems that we trust with all of our money... plus, it's just damn cool."