Original URL: https://www.theregister.com/2012/07/23/black_hat_phishing_snafu/

Self-pwned: Black Hat says soz for phishing attack scare

Looked like phish, smelled like phish, but was just a cock-up

By John Leyden

Posted in Security, 23rd July 2012 14:31 GMT

Black Hat conference Organisers of the annual Black Hat conference have apologised after an estimated 7,500 conference delegates received a suspicious email yesterday resembling a phishing attack.

The dodgy email, informing entrants of a supposed password reset, was sent out after a volunteer with ITN International, the third-party firm handling on-site registrations for this week's Las Vegas conference, "pressed the wrong button" on a mail-out webform, the organisers explained.

The email this morning was an abuse of functionality by a volunteer who has been spoken to. This feature has since been removed as a precautionary measure.

There are "no signs of compromise" said Trey Ford, general manager at Black Hat. Organisers acknowledged the security snafu minutes after the Sunday mail-out, diffusing any potential criticism.

Even so the incident is likely to become a candidate for the Pwnie Awards, Black Hat's answer to the Golden Raspberry Awards.

The offending email smelled a little phishy for number of reasons – not least because it came from an organisation other than Black Hat and invited action in a link supplied in an email that didn't even point to a Black Hat site. The link in the email was broken, however, so if it were a phish, it was never one that was going to work anyway.

A screenshot of the offending email, together with additional security commentary, can be found in a blog post by Paul Ducklin of Sophos here. ®