gamerfreak
February 7th, 2019 at 1:04:05 PM
Quote:

Following a serious vulnerability disclosure affecting casinos globally, an executive of casino technology vendor Atrient has assaulted the security researcher who disclosed the vulnerability at the ICE conference in London. This is the story of a vulnerability disclosure gone bad, one involving the FBI, a vendor with a global customer base of casinos and a severe security vulnerability which has gone unresolved for four months without being properly addressed.



https://www.secjuice.com/security-researcher-assaulted-ice-atrient/

Absolutely fantastic article. Phone recordings and all.
rxwine
February 7th, 2019 at 1:27:00 PM
The kind of thing that makes you think bankruptcy, being ruined, and fines are just what some people need.
There's no secret. Just know what you're talking about before you open your mouth.
gordonm888
Administrator
February 7th, 2019 at 1:48:47 PM
Very illuminating example of the kind of reaction (lying, smear campaign, etc.) that some companies will take when they are confronted by a revelation that is potentially damaging to their business.
So many better men, a few of them friends, are dead. And a thousand thousand slimy things live on, and so do I.
MaxPen
February 7th, 2019 at 2:04:56 PM
Quote: gamerfreak

Quote:

Following a serious vulnerability disclosure affecting casinos globally, an executive of casino technology vendor Atrient has assaulted the security researcher who disclosed the vulnerability at the ICE conference in London. This is the story of a vulnerability disclosure gone bad, one involving the FBI, a vendor with a global customer base of casinos and a severe security vulnerability which has gone unresolved for four months without being properly addressed.



https://www.secjuice.com/security-researcher-assaulted-ice-atrient/

Absolutely fantastic article. Phone recordings and all.



Some people just don't know how to shut their yaps and take the money.
jackmagic777
February 7th, 2019 at 2:25:23 PM
That's what I keep telling Zen King.
EvenBob
February 7th, 2019 at 2:31:43 PM
Great article. So the security people call
the FBI and then get accused of a hacking
crime by the faulty company. I don't
think people who commit crimes usually
get the FBI involved.

The CEO looks and acts like an arrogant
sot.
"It's not called gambling if the math is on your side."
heatmap
February 7th, 2019 at 2:40:51 PM
Quote: MaxPen

Quote: gamerfreak

Quote:

Following a serious vulnerability disclosure affecting casinos globally, an executive of casino technology vendor Atrient has assaulted the security researcher who disclosed the vulnerability at the ICE conference in London. This is the story of a vulnerability disclosure gone bad, one involving the FBI, a vendor with a global customer base of casinos and a severe security vulnerability which has gone unresolved for four months without being properly addressed.



https://www.secjuice.com/security-researcher-assaulted-ice-atrient/

Absolutely fantastic article. Phone recordings and all.



Some people just don't know how to shut their yaps and take the money.



It says they were "white hats" and after this I would completely understand why they become blackhats.

You call someone something enough, they become it. These people followed the rules and look where it gets them? The casino owners are too valuable to make this into a big deal, which is why they will fight to the end to make them look bad. Too bad for the casino owners, these guys are smarter than them.
gamerfreak
February 8th, 2019 at 3:59:14 AM
Quote: MaxPen

Quote: gamerfreak

Quote:

Following a serious vulnerability disclosure affecting casinos globally, an executive of casino technology vendor Atrient has assaulted the security researcher who disclosed the vulnerability at the ICE conference in London. This is the story of a vulnerability disclosure gone bad, one involving the FBI, a vendor with a global customer base of casinos and a severe security vulnerability which has gone unresolved for four months without being properly addressed.



https://www.secjuice.com/security-researcher-assaulted-ice-atrient/

Absolutely fantastic article. Phone recordings and all.



Some people just don't know how to shut their yaps and take the money.



These people get paid far more than $60k to attempt to penetrate enterprise systems.

Your reputation is everything in that industry. If you take a “bounty” for reporting a serious vulnerability that does not get fixed, it’s no longer a bounty, it just becomes hush money. And when (not if) this gets exploited by actual criminals, you do not want to be in the position of taking what is essentially a bribe.
heatmap
February 8th, 2019 at 4:59:09 AM
Quote: gamerfreak


These people get paid far more than $60k to attempt to penetrate enterprise systems.

Your reputation is everything in that industry. If you take a “bounty” for reporting a serious vulnerability that does not get fixed, it’s no longer a bounty, it just becomes hush money. And when (not if) this gets exploited by actual criminals, you do not want to be in the position of taking what is essentially a bribe.



Didn’t the company offer the money? If so, I bet they said it without knowing they were being recorded, and when their lawyer talked to the company it probably went something like “I don’t see someone who was penetration testing, I see someone who illegally accessed your server without your permission who is now ransoming your server’s safety for 60000 dollars. Prove me wrong in court.”
gamerfreak
February 8th, 2019 at 5:06:22 AM
Quote: heatmap

Didn’t the company offer the money? If so, I bet they said it without knowing they were being recorded, and when their lawyer talked to the company it probably went something like “I don’t see someone who was penetration testing, I see someone who illegally accessed your server without your permission who is now ransoming your server’s safety for 60000 dollars. Prove me wrong in court.”


Yes, this is the direct quote from Atrient’s COO:

“The information you have shared with us is fantastic, we're really impressed by what you have done here and we would like to actually own this information. How do we make that happen?”

They were then offered $60k in exchange for signing an NDA. But the payment was never made, and security holes never fixed.

These kiosks are used in hundreds of casinos, including CRT properties.
heatmap
February 8th, 2019 at 7:16:15 AM
These people aren’t white hats, so to say, because this is a grey area to begin with. White hats only do stuff with permission, no matter what; otherwise you aren’t a white hat, you’re grey and black to them.