Don’t panic! DEF CON warrant canary confusion blamed on ‘CMS mistake’

A recent lapse in DEF CON’s warrant canary being updated on time should not be taken as a sign of a subpoena but was simply due to “human error”, event founder Jeff Moss has confirmed.

Earlier this month, some eagle-eyed hackers noted that DEF CON’s warrant canary failed to update as scheduled, leading to fears of potential law enforcement action such as the seizure of servers or sensitive data.

For those out of the loop, a warrant canary is a statement that’s designed to inform people when an organization has been served with a government subpoena.

In the US and elsewhere, organizations are routinely prohibited from revealing the existence of a subpoena. As a workaround, warrant canaries typically inform users that there has not been any law enforcement action as of a particular date. It is only when the canary is not updated, or if it is removed completely, that users might infer a subpoena has recently been served.

Warrant canaries are found everywhere from libraries to websites and are perhaps most commonly associated with the phrase, ‘The FBI has not been here’.

It’s therefore no surprise that when DEF CON’s warrant canary failed to update this month, the hacker rumor mill started turning. That is until event founder Jeff Moss took to Twitter to confirm that everything was in order.

“Sorry for the concern about the @defcon warrent [sic] canary everyone,” Moss wrote.

“We accidentally clobbered the April 1st canary on April 7th with a CMS sync error. I always thought if something went wrong with our canary it would be human error on our part.”

Offering further details, event spokesperson Melanie Ensign told The Daily Swig: “DEF CON added the warrant canary to its site in 2015. The way it works is that every two weeks we update it so folks know that nothing has happened during the previous two weeks.”

Ensign added: “With the recent CMS change, it was not updated on the regularly scheduled date, which could be interpreted to mean something did happen.”

Canary in the coal mine

Given DEF CON’s staunch focus on privacy – including, of course, the cash-only ticketing system – the amount of data that would be available to authorities in the event of a subpoena is questionable, particularly when compared to other infosec conferences.

Still, attendees will no doubt rest a little easier in the knowledge that all is well behind the scenes at the world’s biggest hacking event.

The DEF CON warrant canary has now been fixed.

A notice on the event’s website reads: “We’re putting some measures in place to avoid this kind of confusion in the future, but rest assured, all is well, and no action has been taken against us.”

DEF CON 29 takes is due to place virtually and in real life as a hybrid event running August 5-8.

Source: https://portswigger.net/daily-swig/dont-panic-def-con-warrant-canary-confusion-blamed-on-cms-mistake