Apart from official IT Security events, London ethical hackers like to organize monthly meetings such as DC4420 in clubs, sometimes changing their location. In an informal manner they exchange their experience, represent new ideas and technologies.
Posts Tagged ‘London’
We never thought that our participation would bring such kind of trouble (or at least a disappointment).
Monday early morning we came to prepare our stand and apply our wallpapers (yes, we do it ourselves, sort of team building :)). Practically, everything went smoothly, except for the fact that the organizers did not fix our company name board, electricity was not there and finally – we have got less space than we ordered (and paid for) because wall panels were not constructed properly. But after all, [almost] everything was fixed. Unfortunately, we have not made any pictures, but here is how it should look like (by design):
Next morning (the first day of the exhibition) we came to our booth in advance (about half an hour before the exhibition opens). And what we have seen? Two persons (from Reed Exhibitions, the organizers of this event) removing one of the wall papers from our booth – the one that said that we’re doing PGP password recovery. Moreover, we were not able to get the clear answer why they’re doing that, except the fact that “PGP Corporation complained”. And the reference to some “regulations” we still have not seen. We asked for some official paper (act?) about our “violation”, and still waiting for it. When (if?) we’ll get it, we’ll scan it and publish here.
Fortunately, we had the camera handy, and so made several photos of this “process” (removing our wall paper). Organizers (Reed) did not like that, too, and tried to hide their faces from the camera. But they failed, so you can see them now (and the whole “process”):
So we had to put the following note here (fortunately, on one panel only):
Only two hours later, they (Reed Exhibitions Group Event Director) came to our booth and asked to remove this note. Oops, sorry: not asked, just removed. Without explanation. Well, the explanation was: we have the right to do anything here.
What are they (PGP) scared about? I don’t have an answer. Do we say that PGP protection/encryption is not secure? No we don’t. But we DO say that PGP passwords can be cracked – if they are not selected carefully. But if PGP people cannot explain that to their clients – this is not our fault.
Update: see What does "The only way to break into PGP" mean?