No, try again. You did not "get it straight" at all.
You seem to have a strong (negative) opinion on the matter, yet you demonstrate a very poor grasp of some basic infosec concepts. You should perhaps consider reserving judgement when that is the case.
Not only did he NOT "admit to knowing how to hack banking systems", but he was not presenting anything related to that in Abu Dhabi. He was speaking, ironically enough, on privacy.
Last year he demonstrated a weakness in how website encryption is handled. He did not hack any banks. Banks, among other things, use HTTPS, so the author used them as an easy example. This also does not breach those sites in any way, it just allows for eavesdropping and attacking end users.
Here is why your short-sighted attitude towards legitimate security research is highly foolish. There are people who find and disclose these vulnerabilities and work with vendors to fix them (indeed, Moxie ensured that his bug was fixed before he even went public with it). There are also people who do NOT work to get them fixed, keep them underground, and use them to exploit people.
So, you vilify and harass the guys getting the bugs fixed and they drop out of the game. Who does that leave as the only group in possession of that information? Yeah, now your networks and your infrastructure is getting owned, and there is no one left to tell you how or why.
If you think the "bad guys" DON'T already have this knowledge, and are not using it to their advantage, you are very mistaken.
To say your reply to my opinion was blatantly aggressive (numerous caps) would be an understatement.
Actually, I was quite positive from my point of view. I believe the security officials were acting in their capacity to do so. They treated him with respect, returned his hw and left him with nothing but free publicity.
The fact that PayPal chose to take action as well, shows I am not the only one to hold the opinion that there was probable cause.
You seem to have a strong (negative) opinion on the matter, yet you demonstrate a very poor grasp of some basic infosec concepts. You should perhaps consider reserving judgement when that is the case.
Not only did he NOT "admit to knowing how to hack banking systems", but he was not presenting anything related to that in Abu Dhabi. He was speaking, ironically enough, on privacy.
Last year he demonstrated a weakness in how website encryption is handled. He did not hack any banks. Banks, among other things, use HTTPS, so the author used them as an easy example. This also does not breach those sites in any way, it just allows for eavesdropping and attacking end users.
Here is why your short-sighted attitude towards legitimate security research is highly foolish. There are people who find and disclose these vulnerabilities and work with vendors to fix them (indeed, Moxie ensured that his bug was fixed before he even went public with it). There are also people who do NOT work to get them fixed, keep them underground, and use them to exploit people.
So, you vilify and harass the guys getting the bugs fixed and they drop out of the game. Who does that leave as the only group in possession of that information? Yeah, now your networks and your infrastructure is getting owned, and there is no one left to tell you how or why.
If you think the "bad guys" DON'T already have this knowledge, and are not using it to their advantage, you are very mistaken.