“Major security flaw in virtual reality porn app SinVR exposes the perverted secrets of 20,000 users.”

This was the headline which ran in The Daily Mail after Digital Interruption discovered a security vulnerability in a virtual reality porn application in January 2018. But the headline didn’t tell the true story.

The media attention, although brief, got more ridiculous by the day. It quickly became clear that sex, not security, was why the press was interested in this story.

When it comes to vulnerability disclosure, with no mandatory process researchers often get stuck. If they can’t engage with the vendor directly, they are forced to either sit on the vuln, fully disclose (typically via 280 characters), or turn to the media for help.

In a media climate that changes narratives and sensationalises stories for clicks and follows how does this translate for security. How do we instil trust in our industry when stories are twisted and there is little recourse for the researcher, especially when they know the law does not protect them?

This talk will discuss how the media use narratives to twist stories and the impact this has on security. We will discuss real cases with real outcomes and look at how communication and trust between InfoSec and the press might be improved.

Comments

Comments are closed.

Jason at 11:58 on 20 Oct 2019

Very interesting, but couldn't stay for the full hour (it was only showing as 30mins on the schedule).

Tim Gibbon at 12:18 on 20 Oct 2019

Good discussion on the media versus the reality.

Andrew Howe at 17:49 on 20 Oct 2019

Enjoyed the discussion, which had a different perspective than I'd expected. An interesting examination of the human aspects and consequences of the media's handling and reporting of tech stories. Thanks to Catherine and Saskia for putting on the talk.