Black Hat talk on Apple encryption flaw pulled

Brian Krebs from the Washington Post “Security Fix” Blog reported that one of the talks slated for next week’s Black Hat convention on a previously undiscovered flaw in Apple’s FileVault encryption system has been canceled, the researcher citing confidentiality agreements as the reason he will not be speaking.

The article states:

Charles Edge, a researcher from Georgia, had been slated to discuss his research on a weakness that could be used to defeat FileVault encryption on the Mac. But sometime last week, Black Hat organizers pulled his name and presentation listing from its schedule of talks.

Contacted via cell phone, Edge said he signed confidentiality agreements with Apple, which prevents him from speaking on the topic and from discussing the matter further.

Ah, the week before Black Hat, almost as much fun as Black Hat itself. It’s like the week before Christmas. It’s unfortunate we will have to miss out on this research.

I find it interesting that Apple is more than happy to let its own employee, Alex Ionescu, discuss flaws in the Microsoft Windows Kernel, but not willing to allow another researcher to talk about Apple. Perhaps Microsoft does not have an NDA with Alex, so they can’t force the issue, but I think it is pretty strange that it is fine for one of Apple’s researchers to discuss issues facing Microsoft, but it is unreasonable for another researcher to discuss issues facing Apple.

In any case, I’m glad Alex is speaking, please don’t take this as a call out against his talk. In fact, his talk is one of those that I’m most looking forward too… I just wish that Charles Edge would be allowed to present his research as well, NDA or no NDA.

[Source: zdnet]