Posts Tagged: security

CanSecWest 2011 Resource and Media List

I had a great time at CanSecWest. I have been following the relevant hashtags on Twitter and figured I should toss all the resources and fun media coverage for the event.

I’ll update this as I round things up. Feel free to send me more links via comment or @buulam

Twitter Hashtags – #csw11, #cansecwest, #pwn2own


@effffn’s flickr

@Foxtongue’s flickr


Global TV – 15 min mark (24 remaining)

Summaries from @DaveMarcus: Day 1, Day 2


Contest Info:

Safari/MacBook Air Winners: @VUPEN

Internet Explorer Winners: @stephenfewer
Video Interview:

iPhone Winner: @0xcharlie

Blackberry Winners:


– Network Application Firewalls vs. Contemporary Threats – Brad Woodberg, Juniper

– Black Box Auditing Adobe Shockwave – Aaron Portnoy, Logan Brown, Tipping Point / H.P. Zero Day Initiative
Slides – PPT

– SMS-o-Death: From Analyzing To Attacking Mobile Phones on a Large Scale – Nico Golde and Collin Mulliner, TU-Berlin
Nico Golde Home Page
Collin Mulliner Home Page
Coverage

– Runtime Firmware Integrity Verification: What Can Now Be Achieved – Yves-Alexis Perez and Loic Duflot, ANSSI

– The Law of Web Application Hacking – Marcia Hofmann, EFF

– IPv6 Implementation and Security Round Table – A Moderated Disagreement or a Chorus? – David Shinberg, Marc “van Hauser” Heuse, Guillaume Valadon and additional members TBA

– Is Your Gaming Console Safe?: Embedded Devices, an AntiVirus-free Safe Hideout for Malware – DongJoo Ha and KiChan Ahn, AhnLab Inc and Korea Financial Telecommunications & Clearings Institute
DongJoo Ha @ChakYi
KiChan Ahn @Externalist

– Dynamic Cryptographic Trapdoors – Eric Filiol, ESIEA Laval CVO Lab & French DoD

– Understanding and Exploiting Flash ActionScript Vulnerabilities – Haifei Li, Fortinet
Slides – PDF

– Chip & PIN is Definitely Broken – Andrea Barisani and Daniele Bianco, Inversepath

– iPhone and iPad Hacking – Ilja van Sprundel, IOActive

– Welcome To Rootkit Country – Graeme Neilson, Aura Software Security

– Project Ubertooth: Building a Better Bluetooth Adapter – Michael Ossmann, Great Scott Gadgets
Michael Ossmann Blog
Project Ubertooth Home Page

– Borken Fonts: The Story of Naive Parsers and Attacker Controlled Reboots – Marc Schönefeld, Red Hat
Lightning Talks

– Deconstructing ColdFusion – Chris Eng & Brandon Creighton, Veracode

– Stale Pointers Are The New Black – Vincenzo Iozzo and Giovanni Gola, Zynamics GmbH
@_snagg (Vincenzo)
Vincenzo blog

– A Castle Made of Sand: Adobe Reader X Sandbox – Richard Johnson, Sourcefire
Slides can be found here on Richard’s homepage

– Showing How Security Has (And Hasn’t) Improved, After Ten Years Of Trying – Dan Kaminsky, Adam Cecchetti and Mike Eddington, Doxpara & Deja Vu Security
@dakami Dan Kaminsky

– Security Defect Metrics for Targeted Fuzzing – Dustin Duran, Matt Miller, David Weston, Microsoft

– GRAPE: Generative Rule-based Generic Stateful Fuzzing – Nicholas Green, FourteenForty

iPhone’s Business Security Framework

I’ve used an iPhone for the past couple years in a corporate environment, taking over from my long-time BlackBerry use. Its market share growth, combined with the growth of smartphone use, has put a target on the iPhone’s back.

This gentleman has compiled a lot of info about the iPhone Security Framework and reviews some vulnerabilities. Worth a read if you’re assessing the technology from a security perspective for use in your environment.

Bernd Marienfeldt – iPhone Business Security Framework

Early bird gets… the discount

One thing I’m looking forward to this year is a lot of updates from one of my main vendors, Checkpoint.

I’ve got myself registered (in time for the early bird discount) to go to this year’s conference (Checkpoint Experience) taking place in Las Vegas at the Mandalay Bay in early March.

Some of the main things I will be interested in are:

  • Closure of Checkpoint’s purchase of Nokia’s Security division and some direction on where they are going with that. I have heard some things through the grapevine and am anxious to find out.
  • Release of VPN-1 R70. Checkpoint’s minor releases are nothing to overlook so a major release is always really exciting. From the new CPX website, I think it’s a pretty sure indicator that this is coming.
  • Further integration of Endpoint Security/PointSec/Integrity, IPS-1 into the core of Checkpoint. They’ve acquired some great products over the past few years and one of Checkpoint’s many strengths has been its ability to streamline management so I hope they can get everything all wrapped into a nice neat SmartDashboard.

I’m definitely looking forward to getting as much info as I can and hopefully find an hour or two to have a stroll through the strip! I’ll be sure to post a summary after the conference.