OLDaily
By Stephen Downes
April 15, 2003

Court Blocks Security Conference Talk
It's hard to say which is more ridiculous, the idea that Blackboard thought that the two students constituted "competition" or that Blackboard felt that the best response to a security breach - apparently known since last September - was to file a lawsuit banning a conference presentation.

By John Borland, CNet, April 14, 2003 [Refer][Research][Reflect]

Cease and Desist Letter Sent to Interz0ne II
Text of the order sent to Interzone conference organizers and the presenters barring the talk. "Blackboard hereby requests that you immediately cease and desist from any disclosure of information noted above, or any facilitation of that disclosure, including but not limited to, the disclosure of signals captured, the releasing of code, the development of functional readers, and hardware specs to wire the readers and control circuits." By Gregory S. Smith, Sutherland, Asbill, & Brennan, LLP, April 11, 2003 [Refer][Research][Reflect]

Backboard, Inc. v Billy Hoffman and Virgil Griffith - Verified Complaint
PDF of the complaint filed by Blackboard. Quoting Hoffman: "If Blackboard doesn't make their system more secure, or tell people how to secure it, I'll simply make compatible ones myself and give them away." By Superior Court of Dekalb County, State of Georgia, April 14, 2003 [Refer][Research][Reflect]

Backboard, Inc. v Billy Hoffman and Virgil Griffith - Order
PDF of the restraining order filed by a Georgia court. By Superior Court of Dekalb County, State of Georgia, April 12, 2003 [Refer][Research][Reflect]

CampusWide: Overview and Exploits
Google cache version of the Power Point slides accompanying the talk. The original has been taken down as a result of the court order (do I even need to comment about how futile a gesture that was?). Note: because the CSS is not captured by the Google cache, you need to click on 'Edit' - "Select All' in order to view the text (in Internet Explorer). The slides provide a pretty detailed description of the vulnerabilities. By Acidus, Interz0ne, April 11, 2003 [Refer][Research][Reflect]

Blackboard Campus IDs: Security Thru Cease & Desist
Slashdot article (good read) and discussion of the case. "On Saturday, instead of the talk, attendees got to hear an Interz0ne official read the Cease and Desist letter sent by corporate lawyers. The DMCA, among other federal laws including the Economic Espionage Act, were given as the reasons for shutting down the talk. I spoke with Virgil this morning. Virgil was there two years ago when Dmitri Sklyarov was arrested and led away in handcuffs at Def Con 9. He's not in handcuffs now, but in speaking to me, he had to stop and think about everything he said, and every third answer was 'I really shouldn't talk about that.'" By jamie, Slashdot, April 14, 2003 [Refer][Research][Reflect]

Acidus.Org
Personal website of one of the students involved with an outline of the proposed talk. Note that the student previously talked on the same subject in September, 2002. "The signals to and from several BlackBoard readers have been captured, as well as how data is stored on the cards. Using this knowledge Virgil and I have created a drop-in compatible reader, that will work with an existing RS-485 network. Computer code to emulate any reader made as well as hardware specs to wire the readers and control circuits will be launched. By Acidus, April, 2003 [Refer][Research][Reflect]

InterZone
Conference website. By Various Authors, April, 2003 [Refer][Research][Reflect]

Know a friend who might enjoy this newsletter?

Feel free to forward OLDaily to your colleagues. If you received this issue from a friend and would like a free subscription of your own, you can join our mailing list at http://www.downes.ca/cgi-bin/website/subscribe.cgi

[ About This NewsLetter] [ OLDaily Archives] [ Send me your comments]

Copyright © 2003 Stephen Downes
This work is licensed under a Creative Commons License.