SentinelOne makes YouTube delete Bsides vid 'cuz it didn't like the way bugs were reported

Research silenced amid copyright, trademark claim


If you were at BSides Manchester in England this week, you hopefully caught James Williams' presentation on the shortcomings of some commercial antivirus tools.

If not, and you hoped to watch it on YouTube, you may be out of luck for a while.

That's because one of the vendors mentioned – SentinelOne – is rather upset with the talk, funnily enough titled "Next-gen AV vs my shitty code." To stop people seeing it, the Silicon Valley biz filed a copyright-infringement complaint to make YouTube remove a recording of the presentation from the BSides Manchester channel.

The effort to strip the presentation from the official channel, and out of sight of the internet, worked: at time of writing, the video of Williams' talk has been removed.

Not surprisingly, the takedown complaint is not being met with much sympathy from the security research community, which sees it more as an attempt by an embarrassed vendor to cover up bugs and stamp out unflattering attention.

Williams told El Reg he has yet to hear the reasoning on why the video has been taken down, while BSides Manchester organizers said they are still reviewing the video and the claim to work out what got SentinelOne so upset.

For one thing, his presentation did not include any source code nor any other sensitive intellectual property owned by SentinelOne, from what we can tell.

The Register pinged SentinelOne for comment, which in turn revealed it was a tad unhappy with the presentation, something something something, copyright and trademark claim. A spokesperson told us:

We strongly support the work of BSides and participated in the conference earlier this year by sending our own researchers. We're always open to feedback, but we expect that feedback to come through the use of a supported version of our product and this video showed our 1.8.4 version which reached its end of life earlier this year (our notification from March can be found here).

In addition, as we are protecting critical global enterprises, if a party believes there's a bug in our product, we expect them to follow the common disclosure practices in place that protect the entire community.

From a legal perspective, the video breached our terms of service, copyright laws, and trademark laws. It was removed lawfully after being reviewed by YouTube. With that said, we've invited the author to collaborate with us on a supported version and look forward to that opportunity.

El Reg has asked for clarification on what exactly the infringing content was – because a breach of the antivirus maker's terms-of-service is not a valid reason to take down a video – and has yet to hear back at the time of publication. We also asked Williams to comment on SentinelOne's allegations about bug disclosure methods.

And if you want to see what all the fuss is over, Williams gave a very similar talk last month at SteelCon, a hacker gathering in the north of England, which happens to be online here...

...and you can find the slides and more resources on GitHub over here. ®

Updated to add

The video was restored to YouTube by 10am PT on Saturday.

