gamerfreak
Joined: Dec 28, 2014
  • Threads: 43
  • Posts: 2827
February 7th, 2019 at 1:04:05 PM permalink
Quote:

Following a serious vulnerability disclosure affecting casinos globally, an executive of casino technology vendor Atrient has assaulted the security researcher who disclosed the vulnerability at the ICE conference in London. This is the story of a vulnerability disclosure gone bad, one involving the FBI, a vendor with a global customer base of casinos and a severe security vulnerability which has gone unresolved for four months without being properly addressed.



https://www.secjuice.com/security-researcher-assaulted-ice-atrient/

Absolutely fantastic article. Phone recordings and all.
rxwine
Joined: Feb 28, 2010
  • Threads: 157
  • Posts: 8413
February 7th, 2019 at 1:27:00 PM permalink
The kind of thing that makes you think bankruptcy, being ruined, and fines are just what some people need.
One person's freedom is another person's annoying crap.
gordonm888
Joined: Feb 18, 2015
  • Threads: 30
  • Posts: 1665
February 7th, 2019 at 1:48:47 PM permalink
Very illuminating example of the kind of reaction (lying, smear campaign, etc.) that some companies will take when they are confronted by a revelation that is potentially damaging to their business.
MaxPen
Joined: Feb 4, 2015
  • Threads: 12
  • Posts: 2900
February 7th, 2019 at 2:04:56 PM permalink
Quote: gamerfreak

Quote:

Following a serious vulnerability disclosure affecting casinos globally, an executive of casino technology vendor Atrient has assaulted the security researcher who disclosed the vulnerability at the ICE conference in London. This is the story of a vulnerability disclosure gone bad, one involving the FBI, a vendor with a global customer base of casinos and a severe security vulnerability which has gone unresolved for four months without being properly addressed.



https://www.secjuice.com/security-researcher-assaulted-ice-atrient/

Absolutely fantastic article. Phone recordings and all.



Some people just don't know how to shut their yaps and take the money.
"We defeated a very corrupt establishment and we kept our promise to the American people and it is driving them crazy. Today, our movement and our country are thriving. Their fraud has been exposed and the credibility of those who pushed this hoax is forever broken. And they have now got big problems" - Your President Trump
jackmagic777
Joined: Jan 11, 2019
  • Threads: 1
  • Posts: 161
February 7th, 2019 at 2:25:23 PM permalink
That's what I keep telling Zen King.
EvenBob
Joined: Jul 18, 2010
  • Threads: 418
  • Posts: 22627
February 7th, 2019 at 2:31:43 PM permalink
Great article. So the security people call the FBI and then get accused of a hacking crime by the faulty company. I don't think people who commit crimes usually get the FBI involved.

The CEO looks and acts like an arrogant sot.
"It's not enough to succeed, your friends must fail." Gore Vidal
heatmap
Joined: Feb 12, 2018
  • Threads: 73
  • Posts: 488
February 7th, 2019 at 2:40:51 PM permalink
Quote: MaxPen

Quote: gamerfreak

Quote:

Following a serious vulnerability disclosure affecting casinos globally, an executive of casino technology vendor Atrient has assaulted the security researcher who disclosed the vulnerability at the ICE conference in London. This is the story of a vulnerability disclosure gone bad, one involving the FBI, a vendor with a global customer base of casinos and a severe security vulnerability which has gone unresolved for four months without being properly addressed.



https://www.secjuice.com/security-researcher-assaulted-ice-atrient/

Absolutely fantastic article. Phone recordings and all.



Some people just don't know how to shut their yaps and take the money.



It says they were "white hats" and after this I would completely understand why they become blackhats.

You call someone something enough, they become it. These people followed the rules and look where it gets them? The casino owners are too valuable to make this into a big deal, which is why they will fight to the end to make them look bad. Too bad for the casino owners these guys are smarter than them.
gamerfreak
Joined: Dec 28, 2014
  • Threads: 43
  • Posts: 2827
February 8th, 2019 at 3:59:14 AM permalink
Quote: MaxPen

Quote: gamerfreak

Quote:

Following a serious vulnerability disclosure affecting casinos globally, an executive of casino technology vendor Atrient has assaulted the security researcher who disclosed the vulnerability at the ICE conference in London. This is the story of a vulnerability disclosure gone bad, one involving the FBI, a vendor with a global customer base of casinos and a severe security vulnerability which has gone unresolved for four months without being properly addressed.



https://www.secjuice.com/security-researcher-assaulted-ice-atrient/

Absolutely fantastic article. Phone recordings and all.



Some people just don't know how to shut their yaps and take the money.



These people get paid far more than $60k to attempt to penetrate enterprise systems.

Your reputation is everything in that industry. If you take a “bounty” for reporting a serious vulnerability that does not get fixed, it’s no longer a bounty, it just becomes hush money. And when (not if) this gets exploited by actual criminals, you do not want to be in the position of taking what is essentially a bribe.
heatmap
Joined: Feb 12, 2018
  • Threads: 73
  • Posts: 488
February 8th, 2019 at 4:59:09 AM permalink
Quote: gamerfreak


These people get paid far more than $60k to attempt to penetrate enterprise systems.

Your reputation is everything in that industry. If you take a “bounty” for reporting a serious vulnerability that does not get fixed, it’s no longer a bounty, it just becomes hush money. And when (not if) this gets exploited by actual criminals, you do not want to be in the position of taking what is essentially a bribe.



Didn’t the company offer the money? If so, I bet they said it without knowing they were being recorded, and when their lawyer talked to the company it probably went something like “I don’t see someone who was penetration testing, I see someone who illegally accessed your server without your permission who is now ransoming your server’s safety for 60000 dollars. Prove me wrong in court.”
gamerfreak
Joined: Dec 28, 2014
  • Threads: 43
  • Posts: 2827
February 8th, 2019 at 5:06:22 AM permalink
Quote: heatmap

Didn’t the company offer the money? If so, I bet they said it without knowing they were being recorded, and when their lawyer talked to the company it probably went something like “I don’t see someone who was penetration testing, I see someone who illegally accessed your server without your permission who is now ransoming your server’s safety for 60000 dollars. Prove me wrong in court.”


Yes, this is the direct quote from Atrient’s COO:

“The information you have shared with us is fantastic, we're really impressed by what you have done here and we would like to actually own this information. How do we make that happen?”

They were then offered $60k in exchange for signing an NDA. But the payment was never made, and security holes never fixed.

These kiosks are used in hundreds of casinos, including CRT properties.
