Sign Up
All SecurityCyber-crimePatchesResearchCSO
All Off-PremEdge + IoTChannelPaaS + IaaSSaaS
All On-PremSystemsStorageNetworksHPCPersonal TechCxOPublic Sector
All SoftwareAI + MLApplicationsDatabasesDevOpsOSesVirtualization
All OffbeatDebatesColumnistsScienceGeek's GuideBOFHLegalBootnotesSite NewsAbout Us

Security

SentinelOne makes YouTube delete Bsides vid 'cuz it didn't like the way bugs were reported

Research silenced amid copyright, trademark claim

Shaun Nichols in San Francisco Sat 18 Aug 2018  //  00:51 UTC

Updated If you were at BSides Manchester in England this week, you hopefully caught James Williams' presentation on the shortcomings of some commercial antivirus tools.

If not, and you hoped to watch it on YouTube, you may be out of luck for a while.

That's because one of the vendors mentioned – SentinelOne – is rather upset with the talk, funnily enough titled "Next-gen AV vs my shitty code." To stop people seeing it, the Silicon Valley biz filed a copyright-infringement complaint to make YouTube remove a recording of the presentation from the BSides Manchester channel.

The effort to strip the presentation from the official channel, and out of sight of the internet, worked: at time of writing, the video of Williams' talk has been removed.

Not surprisingly, the takedown complaint is not being met with much sympathy from the security research community, which sees it more as an attempt by an embarrassed vendor to cover up bugs and stamp out unflattering attention.

Williams told El Reg he has yet to hear the reasoning on why the video has been taken down, while BSides Manchester organizers said they are still reviewing the video and claim to work out what got SentinelOne so upset.

For one thing, his presentation did not include any source code nor any other sensitive intellectual property owned by SentinelOne, from what we can tell.

The Register pinged SentinelOne for comment, which in turn revealed it was a tad unhappy with the presentation, something something something, copyright and trademark claim. A spokesperson told us:

We strongly support the work of BSides and participated in the conference earlier this year by sending our own researchers. We're always open to feedback, but we expect that feedback to come through the use of a supported version of our product and this video showed our 1.8.4 version which reached its end of life earlier this year (our notification from March can be found here).

In addition, as we are protecting critical global enterprises, if a party believes there's a bug in our product, we expect them to follow the common disclosure practices in place that protect the entire community.

From a legal perspective, the video breached our terms of service, copyright laws, and trademark laws. It was removed lawfully after being reviewed by YouTube. With that said, we've invited the author to collaborate with us on a supported version and look forward to that opportunity.

El Reg has asked for clarification on what exactly the infringing content was – because a breach of the antivirus maker's terms-of-service is not a valid reason to take down a video – and has yet to hear back at the time of publication. We also asked Williams to comment on SentinelOne's allegations about bug disclosure methods.

And if you want to see what all the fuss is over, Williams gave a very similar talk last month at SteelCon, a hacker gathering in the north of England, which happens to be online here...

...and you can find the slides and more resources on GitHub over here. ®

Updated to add

The video was restored to YouTube by 10am PT on Saturday.
Send us news
25 Comments

It's 2024 and Intel silicon is still haunted by data-spilling Spectre

Go, go InSpectre Gadget

Microsoft squashes SmartScreen security bypass bug exploited in the wild

Plus: Adobe, SAP, Fortinet, VMware, Cisco issue pressing updates

US government excoriates Microsoft for 'avoidable errors' but keeps paying for its products

In what other sphere does a bad supplier not feel pain for its foulups?

Tough luck, bosses, AI is coming for your job, too

Algorithms as PHBs – who wouldn't want that?

Cisco creates architecture to improve security and sell you new switches

Hypershield detects bad behavior and automagically reconfigures networks to snuff out threats

OpenAI's GPT-4 can exploit real vulnerabilities by reading security advisories

While some other LLMs appear to flat-out suck

Microsoft slammed for lax security that led to China's cyber-raid on Exchange Online

CISA calls for 'fundamental, security-focused reforms' to happen ASAP, delaying work on other software

H-1B visa fraud alive and well amid efforts to crack down on abuse

It's the gold ticket favored by foreign techies – and IT giants suspected of gaming the system

Japanese government rejects Yahoo<i>!</i> infosec improvement plan

Just doesn't believe it will sort out the mess that saw data leak from LINE messaging app

Boffins deem Google DeepMind's material discoveries rather shallow

Web titan rejects criticisms, insists AI-found compounds are legit

Intel's neuromorphic 'owl brain' swoops into Sandia labs

Hala Point system crams more than a thousand neurochips into a 6U chassis to tackle real-time AI

Zero-day exploited right now in Palo Alto Networks' GlobalProtect gateways

Out of the PAN-OS and into the firewall, a Python backdoor this way comes