CanSecWest 2011 Resource and Media List

Posted on March 13, 2011 by

I had a great time at CanSecWest. I have been following the relevant hashtags on Twitter and figured I should toss all the resources and fun media coverage for the event.

I’ll update this as I round things up. Feel free to send me more links via comment or @buulam

Main Site – cansecwest.com
Twitter Hashtags – #csw11, #cansecwest, #pwn2own
Organizer – @dragosr

Photos

@effffn’s flickr

@Foxtongue’s flickr

Coverage

Global TV – 15 min mark (24 remaining)

Summaries from @DaveMarcus – Day 1, Day 2

Pwn2own

Contest Info: http://dvlabs.tippingpoint.com/blog/2010/02/02/pwn2own-2011

Safari/MacBook Air Winners: @VUPEN
- http://www.zdnet.com/blog/security/safarimacbook-first-to-fall-at-pwn2own-2011/8358

Internet Explorer Winners: @stephenfewer
- http://www.zdnet.com/blog/security/pwn2own-2011-ie8-on-windows-7-hijacked-with-3-vulnerabilities/8367
- Video Interview: https://threatpost.com/en_us/blogs/pwn2own-winner-stephen-fewer-031011

iPhone Winner: @0xcharlie
- http://www.zdnet.com/blog/security/charlie-miller-wins-pwn2own-again-with-iphone-4-exploit/8378

Blackberry Winners:
- http://www.zdnet.com/blog/security/pwn2own-2011-blackberry-falls-to-webkit-browser-attack/8401

Presentations

- Network Application Firewalls vs. Contemporary Threats – Brad Woodberg, Juniper

- Black Box Auditing Adobe Shockwave – Aaron Portnoy, Logan Brown, Tipping Point / H.P. Zero Day Initiative
@aaronportnoy
Slides – PPT

- SMS-o-Death: From Analyzing To Attacking Mobile Phones on a Large Scale – Nico Golde and Collin Mulliner, TU-Berlin
Nico Golde Home Page
@collinrm
Collin Mulliner Home Page
Threatpost.com Coverage

- Runtime Firmware Integrity Verification: What Can Now Be Achieved – Yves-Alexis Perez and Loic Duflot, ANSSI

- The Law of Web Application Hacking – Marcia Hofmann, EFF
@marciahofmann
Slides

- IPv6 Implementation and Security Round Table – A Moderated Disagreement or a Chorus? – David Shinberg, Marc “van Hauser” Heuse, Guillaume Valadon and additional members TBA

- Is Your Gaming Console Safe?: Embedded Devices, an AntiVirus-free Safe Hideout for Malware – DongJoo Ha and KiChan Ahn, AhnLab Inc and Korea Financial Telecommunications & Clearings Institute
DongJoo Ha @ChakYi
KiChan Ahn @Externalist
Slides

- Dynamic Cryptographic Trapdoors – Eric Filiol, ESIEA Laval CVO Lab & French DoD
@efiliol
Slides

- Understanding and Exploiting Flash ActionScript Vulnerabilities – Haifei Li, Fortinet
@HaifeiLi
Slides – PDF

- Chip & PIN is Definitely Broken – Andrea Barisani and Daniele Bianco, Inversepath

- iPhone and iPad Hacking – Ilja van Sprundel, IOActive

- Welcome To Rootkit Country – Graeme Neilson, Aura Software Security

- Project Ubertooth: Building a Better Bluetooth Adapter – Michael Ossmann, Great Scott Gadgets
Michael Ossmann Blog
Project Ubertooth Home Page

- Borken Fonts: The Story of Naive Parsers and Attacker Controlled Reboots – Marc Schönefeld, Red Hat

- Lightning Talks

- Deconstructing ColdFusion – Chris Eng & Brandon Creighton, Veracode
@chriseng

- Stale Pointers Are The New Black – Vincenzo Iozzo and Giovanni Gola, Zynamics GmbH
@_snagg (Vincenzo)
Vincenzo blog

- A Castle Made of Sand: Adobe Reader X Sandbox – Richard Johnson, Sourcefire
@richinseattle
Slides can be found here on Richard’s homepage

- Showing How Security Has (And Hasn’t) Improved, After Ten Years Of Trying – Dan Kaminsky, Adam Cecchetti and Mike Eddington, Doxpara & Deja Vu Security
@dakami Dan Kaminsky
fuzzmark.com

- Security Defect Metrics for Targeted Fuzzing – Dustin Duran, Matt Miller, David Weston, Microsoft

- GRAPE: Generative Rule-based Generic Stateful Fuzzing – Nicholas Green, FourteenForty