FireEye legally censors crucial parts of a researcher’s talk at 44CON
Felix Wilhelm, a researcher with German security firm ERNW, was scheduled to give a talk at 44CON on Thursday about the critical vulnerabilities he and his colleagues found in a FireEye NX device running the webMPS operating system. And he did – but unfortunately part of his talk was ultimately censored by FireEye.
The group discovered the vulnerabilities earlier this year, shared their findings with FireEye, and helped them plug the holes. Once that happened, the group wanted to share their research with the security community. They did so by publishing some detail in September via a newsletter, and scheduled the aforementioned talk with 44CON.
But, at the last moment, Wilhelm had to censor part of his presentation, as FireEye asked the Hamburg regional court and was granted an injunction that prohibited ERNW from publicly sharing details about the software’s architecture.
The company complied, even though they claim that everything they published or wanted to publish about the flaws was reviewed and approved by FireEye. According to Enno Rey, ERNW’s founder, they redacted their original report significantly when asked to do so by FireEye, but felt that the information they included in the presentation was crucial for the audience to understand how the vulnerabilities came to exist.
A FireEye spokeswoman told The Stack that the firm acted the way it did in order to protect its intellectual property and protect their customers. “This was not about stopping them from issuing a report neither the vulnerabilities, it was about protecting intellectual property that they didn’t have a legal right to publish,” she noted, adding that the patches for the flaws are out and their customers are protected.
“The response at the conference has been robust, supportive and consistent: this community does not appreciate misuse of legal process to stifle criticism debate and discussion,” commented Adrian, Event Director and Co-Founder of 44CON.
“When a security company enjoins a speaker from showing basic user interfaces and simple screenshots — things that are routinely part of any talk and squarely qualify as ‘fair use’ — this begins to look more like stifling criticism than protecting intellectual property.”
FireEye has a reputation for aggressively defending the quality of their products, both when it comes to researchers disclosing vulnerabilities they found, and testing labs claiming the company’s products performed badly.
As an interesting sidenote, this week infosec consultant Kristian Erik Hermansen publicly revealed exploit code for a 0-day unauthorized remote root file system access vulnerability affecting the FireEye forensic analysis platform appliance, and claimed he found several other 0-days affecting FireEye/Mandiant products.