informa
2 MIN READ
Commentary

Black Hat Disputes Charles Edge Talk Even Submitted

Last week we covered two incidents surrounding Apple's (non) participation at this year's Black Hat conference. Apparently, the first was a potential talk pulled for consideration because Apple just doesn't like its engineers explaining anything about how they handle software security. The other, Black Hat contends, was never even submitted.
Last week we covered two incidents surrounding Apple's (non) participation at this year's Black Hat conference. Apparently, the first was a potential talk pulled for consideration because Apple just doesn't like its engineers explaining anything about how they handle software security. The other, Black Hat contends, was never even submitted.I'm talking about the talk Apple software expert and security researcher Charles Edge wanted to present about a potential weakness in Apple's FileVault disk encryption. While Edge told Washington Post reporter Brian Krebs that he submitted the proposal for his talk several months ago, then withdrew the proposed talk a couple of weeks thereafter, Black Hat conference officials say they have no record of Edge's FileVault talk ever being submitted, let alone withdrawn.

Here is how Edge responded to News.com:


I submitted the talk, and later sent a second submission using the same system to then ask to be removed from consideration. As an alumni speaker, I know from experience that the entire Black Hat organization is run extremely well. Why they cannot find me in their system, I cannot speak to.

When this story first came to light, it was The Washington Post who contacted me, asking why the talk had been removed from consideration -- and not I who contacted them. I had not, in fact, discussed the talk with anyone between the time that I rescinded the talk and the time I received the call from The Washington Post, and ... their source (remains unclear).

This morning in a discussion, Krebs confirmed what Edge is saying. And as to whether or not the talk was submitted, that seems to be an unprovable he said/she said situation. My take: It's a misunderstanding. But what I'd really like to know more about is how critical this FileVault vulnerability really is.