Controversial Security Paper Nixed From Black Hat

coondoggie writes us with a link to the Network World site, as he tends to do. Today he offers an article discussing the cancellation of a presentation which would have undermined chip-based security on PCs. Scheduled during the Black Hat USA 2007 event, the event's briefing promised to break the Trusted Computing Group's module, as well as Vista's Bitlocker. Live demos were to be included. The presenters pulled the event, and have no interest in discussing the subject any more. "[Presenters Nitin and Vipin Kumar's] promised exploit would be a chink in the armor of hardware-based system integrity that [trusted platform module] (TPM) is designed to ensure. TPM is also a key component of Trusted Computing Group's architecture for network access control (NAC). TPM would create a unique value or hash of all the steps of a computer's boot sequence that would represent the particular state of that machine, according to Steve Hanna, co-chair of TCG's NAC effort."

Reason for pull?

[gravos]

So, did they pull because they had a problem with the demos at the last minute, or is there a more sinister conspiracy-type explanation for this retraction?

Re:Reason for pull?

[Baron_Yam]

I would definitely be very interested to find out if it is a case of the presenters discovering they hadn't really done what they claimed, or if they folded under threat of litigation.

This is interesting enough geek news that I expect some tech journalist somewhere will follow up on it.

Interesting meta-commentary

[WalterGR]

coondoggie writes us with a link to the Network World site, as he tends to do.

(emphasis mine.) Interesting. First time for such meta-commentary by a slashdot editor? I don't think we ever saw the same for one of Roland Piquepaille's many submissions...

Re:Probably realized...

[I)_MaLaClYpSe_(I]

This can be done with VBootkit [nvlabs.in] as well. Let's resurrect the BIOS viruses. Note that Nitin and Vipin Kumar are the authors of VBootkit and it was covered previously on Slahdot here: VBootkit Bypasses Vista's Code Signing. [slashdot.org]

Re:How could a presentation "undermine" security?

[TheSHAD0W]

"The demonstration would include a few live demonstrations. For example, one demonstration will show how to login and access data on a Windows Vista System (which has TPM + BitLocker enabled)," the abstract said.

If they were able to do that, most likely they had what they said they had. I'm betting they were threatened with a lawsuit or a criminal complaint.

Re:How could a presentation "undermine" security?

[geekoid]

YOu would need to put 3 more zeros on that to shut me up, minimum.
Because when it gets found out, I would not be trusted in the future.