An infosec conference talk was allegedly canceled due to a ‘cease and desist’ demand

Xerox legal threat reportedly silences researcher at Infiltrate security conference

A legal demand has allegedly prevented a security conference speaker from holding a talk on Xerox printers.

On February 18, a copy of a notice published by Infiltrate security conference organizers was posted to Twitter. The statement revealed that a planned talk by Raphaël Rigo, a security researcher from Airbus Security Lab, was canceled.

The presentation was due to happen on February 18 at 11:00 EST. However, with what appeared to be less than an hour to go, Infiltrate said the event was canceled and “apologized for the inconvenience”.

Cease and desist

“I regret to inform you that we received notification this morning that ‘pending legal action’ we cannot present Raphaël’s Xerox research,” the notice from Infiltrate reads.

“Sadly, we must cancel the event today. We must cease and desist publication, presentation, and discussions related to the content of Raphaël’s talk.”

Notice of the talk cancellation was posted on Twitter

“Though we are saddened that we must cancel the event today, we hope that the issues can be resolved and we will be able to reschedule in the near future.”

The talk was titled ‘Attacking Xerox Multifunction Printers’. A summary of the presentation describes the talk as “cover[ing] our research on exploiting three Xerox MFP lines: WorkCentre, AltaLink, and VersaLink, exposing critical vulnerabilities and giving a few tips on how to secure them”.

RECOMMENDED Cybersecurity conferences 2021: A schedule of virtual, and potentially in-person events

In 2020, the security team disclosed the existence of alleged security vulnerabilities to Xerox, as described by Airbus.

In the security advisories published by Xerox, the company had previously thanked the Airbus security team for reporting security issues.

Xerox has not responded to multiple requests for comment made by The Daily Swig. Rigo and Infiltrate have not responded to requests for comment.

READ MORE Data analytics agency Polecat held to ransom after server exposed 30TB of records