I had a great time at CanSecWest. I have been following the relevant hashtags on twitter and figured I should toss all the resources and fun media coverage for the event.
I’ll update this as I round things up. Feel free to send me more links via comment or @buulam
Safari/MacBook Air Winners: @VUPEN
Internet Explorer Winners: @stephenfewer
– Video Interview: https://threatpost.com/en_us/blogs/pwn2own-winner-stephen-fewer-031011
– Network Application Firewalls vs. Contemporary Threats – Brad Woodberg, Juniper
– Runtime Firmware Integrity Verification: What Can Now Be Achieved – Yves-Alexis Perez and Loic Duflot, ANSSI
– IPv6 Implementation and Security Round Table – A Moderated Disagreement or a Chorus? – David Shinberg, Marc “van Hauser” Heuse, Guillaume Valadon and additional members TBA
– Is Your Gaming Console Safe?: Embedded Devices, an AntiVirus-free Safe Hideout for Malware – DongJoo Ha and KiChan Ahn, AhnLab Inc and Korea Financial Telecommunications & Clearings Institute
DongJoo Ha @ChakYi
KiChan Ahn @Externalist
– Chip & PIN is Definitely Broken – Andrea Barisani and Daniele Bianco, Inversepath
– iPhone and iPad Hacking – Ilja van Sprundel, IOActive
– Welcome To Rootkit Country – Graeme Neilson, Aura Software Security
– Borken Fonts: The Story of Naive Parsers and Attacker Controlled Reboots – Marc Schönefeld, Red Hat
– Deconstructing ColdFusion – Chris Eng & Brandon Creighton, Veracode
– Security Defect Metrics for Targeted Fuzzing – Dustin Duran, Matt Miller, David Weston, Microsoft
– GRAPE: Generative Rule-based Generic Stateful Fuzzing – Nicholas Green, FourteenForty
I’ve used an iPhone for the past couple years in a corporate environment, taking over from my long time BlackBerry use. It’s market share growth, combined with the growth of smart phone use has put a target on the iPhone’s back.
This gentleman has compiled a lot of info about the iPhone Security Framework and reviews some vulnerabilities. Worth a read if you’re assessing the technology from a security prospective for use in your environment.
One thing I’m looking forward to this year is a lot of updates from one of my main vendors, Checkpoint.
I’ve got myself registered (in time for the early bird discount) to go to this years conference (Checkpoint Experience) taking place in Las Vegas at the Mandalay Bay in early March.
Some of the main things I will be interested in are:
I’m definitely looking forward to getting as much info as I can and hopefully find an hour or two to have a stroll through the strp! I’ll be sure to post a summary after the conference.