Florencio Benson

Router maker Juniper Networks has barred one of the company's security researchers from discussing security flaws in Automated Teller Machines after an ATM maker threatened legal action.

Staff Security Researcher Barnaby Jack had been set to deliver a July 30 talk entitled "Jackpotting Automated Teller Machines" at the Black Hat security conference in Las Vegas. But Jack abruptly asked conference organizers to pull the talk on Monday, according to Black Hat Director Jeff Moss. The talk has also been pulled from Black Hat's sister conference, Defcon, he added.

News of the cancellation was first reported by security news site Risky.Biz.

In a statement, Juniper said Tuesday that it made Jack withdraw the talk after an ATM vendor expressed concern that Jack's research could be misused. "Considering the scope and possible exposure of this issue on other vendors, Juniper decided to postpone Jack's presentation until all affected vendors have sufficiently addressed the issues found in his research," Juniper said.

Neither Juniper nor Moss would name the ATM maker that Jack had been studying, but Juniper says it is reaching out to other vendors as well to share information.

According to Jack's description of the talk on the Defcon site, he had found a vulnerability in the underlying software used to run "a line of popular new model ATMs."

"I've always liked the scene in Terminator 2 where John Connor walks up to an ATM, interfaces his Atari to the card reader and retrieves cash from the machine," the Juniper researcher wrote. "I think I've got that kid beat."

The presentation was supposed to "explore both local and remote attack vectors, and finish with a live demonstration of an attack on an unmodified, stock ATM."

According to a source familiar with the situation, Jack had been working with the vendor for the past nine months, but the ATM maker grew concerned that Jack's talk would lead to some bad publicity.

Black Hat talks have been pulled in the past because of legal threats. In 2005 researcher Michael Lynn was told by his employer, Internet Security Systems, to pull a Black Hat talk on router vulnerabilities after Cisco Systems threatened to sue him. Lynn quit and gave the talk anyway.

Within months, he was hired by Juniper.

Organizers of the upcoming OpenSource World conference broadened the event program and are offering free admission, hoping to attract more attendees in a time of slashed travel budgets and increased competition from similar shows.

The conference was previously known as LinuxWorld. This year's event is scheduled for Aug. 11-13 in San Francisco's Moscone Center.

Key topics will include Drizzle, a database project based on the MySQL codebase, mobile development and security, said event chairman Don Marti. The CloudWorld and Next Generation Data Center events will run concurrently with OpenSource World.

But perhaps the most telling change is the decision to drop admission charges for qualified IT professionals and to instead gain revenue solely from sponsorships.

Organizers have implemented a qualifying process in order to weed out marketing staffers from vendors that aren't exhibiting at the show, but might be interested in attending to check out the competition, Marti said.

"The kind of people the program committee wants to reach are those hardcore sysadmins and working IT managers," he said.

"We want them to get something out of it that they can take back to the office," Marti added. "This is not just a high-level strategy show."

What's not yet clear is how many such individuals the event will attract, given that the global economic recession has put a damper on tech trade-show attendance overall in recent months.

Current attendance figures for the event, which is backed by IDG World Expo, a division of IDG News Service's parent corporation, weren't immediately available Thursday.

"Every show in the whole IT market is in trouble," Marti said. "Travel budgets are tight and training budgets are tight. ... This show's affected by the same conditions as other shows."

There is also a great deal of competition from other open-source events, such as LinuxCon, he added.

But OpenSource World nonetheless has "a good long-term story," he said.

Microsoft has expanded its HealthVault e-health service to Canada through a partnership with Telus, marking the first time HealthVault will be available outside the U.S.

Telus, a telecommunications company based in Toronto, is licensing HealthVault and plans to set up a service for Canadians based on it called Telus Health Space, powered by Microsoft HealthVault, the companies said this week.

The service will make it possible for people in Canada to manage and store their personal health information online and have access in one place to applications to manage personal health records as well as help them with chronic disease management, pediatric care and wellness products, the companies said. HealthVault is Microsoft's online repository for personal health-care information and records.

Telus plans to make Health Space available to governments, health regions, hospitals, insurers and employers who want to offer a consumer health platform to their citizens and patients. Microsoft is working with Telus to find developers, application providers and device manufacturers to create software and devices compatible with Health Space. The companies did not say when the service would be available.

Indeed, ready access to personal health-care information has been a perennial problem, especially for people in the U.S. In fact, the findings of a two-year study published recently in a paper in the Journal of Medical Internet Research found that people generally feel disconnected from their health-care information and are interested in being given access to it through a personally controlled health-record system, of which HealthVault if one.

However, the study found that people do not entirely trust the companies and individuals that oversee the storage and maintenance of their records. The study, which polled 300 people ranging in age from 18 to 83, found that people had concerns about the quality, accuracy and point of responsibility for maintaining their health-care records, and also expressed uncertainty about appropriate and safe access policies for third parties that might be reading and editing the records.

About two years ago Microsoft re-evaluated its offerings for the health-care industry. The company directed its efforts to bridging the information gap between enterprise companies, such as health-insurance providers, and patients through an online system that allows them to share information securely over the Web. Microsoft came up with HealthVault to solve that problem. Competitor Google also is piloting similar offerings.

Since it first launched HealthVault in late 2007, Microsoft has been briskly setting up partnerships with large health-care providers in the U.S. to make the service available to as many people as possible. The Mayo Clinic recently launched the first widely available e-health information service for HealthVault with its Mayo Clinic Health Manager service. Kaiser Permanente and New York Presbyterian Hospital, among others, also are testing services built using HealthVault.