[pekk]

Speakers drop out all the time.

Or maybe someone didn't want to compromise Tor in public until the Tor project had a chance to address the issues.

[at-fates-hands]

>>> Or maybe someone didn't want to compromise Tor in public until the Tor project had a chance to address the issues.

To some degree, isn't this what the Black Hat conference is all about?

[jackweirdy]

Seems to me the public ousting of projects only happens when they refuse to implement a fix, or deny that something's an issue.

[eat]

Not at all... Black Hat is one of the more commercial, "industry" security conferences out there.

[peterwwillis]

Every year that some controversial BH talk happens that exposes some company's unpatched security vulnerabilities (or even questions the company's integrity), either the talk is pulled, or the talk materials are literally ripped out of the books or CDROMs given to attendees. As soon as a company gets wind that a talk might catch them with their pants down they threaten to file suit and Black Hat pulls the talk.

The Black Hat conference is about promoting the security industry. DEFCON, on the other hand, is about promoting hacker culture. It's a lot more common to see 0-day talks at DEFCON because there's much less industry spotlight [and thus, fewer general business professionals that could get scared by some new attack being announced].

[MacsHeadroom]

No, to some degree BH is about compromising X in public after X has been repeatedly contacted with the necessary details AND given ample time to address the issues.

What these "researchers" were doing was just reckless. When it comes to Tor, lives are on the line. This kind of irresponsible disclosure is abhorrent, at best.

[tptacek]

I don't know what BH you've been attending for the last 10 years, but it's not the one I've been going to.