Posts Tagged security

CanSecWest 2011 Resource and Media List

Posted on March 13, 2011

I had a great time at CanSecWest. I have been following the relevant hashtags on Twitter and figured I should toss all the resources and fun media coverage for the event.

I’ll update this as I round things up. Feel free to send me more links via comment or @buulam

Main Site – cansecwest.com
Twitter Hashtags – #csw11, #cansecwest, #pwn2own
Organizer – @dragosr

Photos

@effffn’s flickr

@Foxtongue’s flickr

Coverage

Global TV – 15 min mark (24 remaining)

Summaries from @DaveMarcus – Day 1, Day 2

Pwn2own

Contest Info: http://dvlabs.tippingpoint.com/blog/2010/02/02/pwn2own-2011

Safari/MacBook Air Winners: @VUPEN
- http://www.zdnet.com/blog/security/safarimacbook-first-to-fall-at-pwn2own-2011/8358

Internet Explorer Winners: @stephenfewer
- http://www.zdnet.com/blog/security/pwn2own-2011-ie8-on-windows-7-hijacked-with-3-vulnerabilities/8367
- Video Interview: https://threatpost.com/en_us/blogs/pwn2own-winner-stephen-fewer-031011

iPhone Winner: @0xcharlie
- http://www.zdnet.com/blog/security/charlie-miller-wins-pwn2own-again-with-iphone-4-exploit/8378

Blackberry Winners:
- http://www.zdnet.com/blog/security/pwn2own-2011-blackberry-falls-to-webkit-browser-attack/8401

Presentations

- Network Application Firewalls vs. Contemporary Threats – Brad Woodberg, Juniper

- Black Box Auditing Adobe Shockwave – Aaron Portnoy, Logan Brown, Tipping Point / H.P. Zero Day Initiative
@aaronportnoy
Slides – PPT

- SMS-o-Death: From Analyzing To Attacking Mobile Phones on a Large Scale – Nico Golde and Collin Mulliner, TU-Berlin
Nico Golde Home Page
@collinrm
Collin Mulliner Home Page
Threatpost.com Coverage

- Runtime Firmware Integrity Verification: What Can Now Be Achieved – Yves-Alexis Perez and Loic Duflot, ANSSI

- The Law of Web Application Hacking – Marcia Hofmann, EFF
@marciahofmann
Slides

- IPv6 Implementation and Security Round Table – A Moderated Disagreement or a Chorus? – David Shinberg, Marc “van Hauser” Heuse, Guillaume Valadon and additional members TBA

- Is Your Gaming Console Safe?: Embedded Devices, an AntiVirus-free Safe Hideout for Malware – DongJoo Ha and KiChan Ahn, AhnLab Inc and Korea Financial Telecommunications & Clearings Institute
DongJoo Ha @ChakYi
KiChan Ahn @Externalist
Slides

- Dynamic Cryptographic Trapdoors – Eric Filiol, ESIEA Laval CVO Lab & French DoD
@efiliol
Slides

- Understanding and Exploiting Flash ActionScript Vulnerabilities – Haifei Li, Fortinet
@HaifeiLi
Slides – PDF

- Chip & PIN is Definitely Broken – Andrea Barisani and Daniele Bianco, Inversepath

- iPhone and iPad Hacking – Ilja van Sprundel, IOActive

- Welcome To Rootkit Country – Graeme Neilson, Aura Software Security

- Project Ubertooth: Building a Better Bluetooth Adapter – Michael Ossmann, Great Scott Gadgets
Michael Ossmann Blog
Project Ubertooth Home Page

- Borken Fonts: The Story of Naive Parsers and Attacker Controlled Reboots – Marc Schönefeld, Red Hat
Lightning Talks

- Deconstructing ColdFusion – Chris Eng & Brandon Creighton, Veracode
@chriseng

- Stale Pointers Are The New Black – Vincenzo Iozzo and Giovanni Gola, Zynamics GmbH
@_snagg (Vincenzo)
Vincenzo blog

- A Castle Made of Sand: Adobe Reader X Sandbox – Richard Johnson, Sourcefire
@richinseattle
Slides can be found here on Richard’s homepage

- Showing How Security Has (And Hasn’t) Improved, After Ten Years Of Trying – Dan Kaminsky, Adam Cecchetti and Mike Eddington, Doxpara & Deja Vu Security
@dakami Dan Kaminsky
fuzzmark.com

- Security Defect Metrics for Targeted Fuzzing – Dustin Duran, Matt Miller, David Weston, Microsoft

- GRAPE: Generative Rule-based Generic Stateful Fuzzing – Nicholas Green, FourteenForty

iPhone’s Business Security Framework

Posted on June 1, 2010

I’ve used an iPhone for the past couple years in a corporate environment, taking over from my long-time BlackBerry use. Its market share growth, combined with the growth of smartphone use, has put a target on the iPhone’s back.

This gentleman has compiled a lot of info about the iPhone Security Framework and reviews some vulnerabilities. Worth a read if you’re assessing the technology from a security perspective for use in your environment.

Bernd Marienfeldt – iPhone Business Security Framework

Early bird gets… the discount

Posted on January 31, 2009

One thing I’m looking forward to this year is a lot of updates from one of my main vendors, Checkpoint.

I’ve got myself registered (in time for the early bird discount) to go to this year’s conference (Checkpoint Experience) taking place in Las Vegas at the Mandalay Bay in early March.

Some of the main things I will be interested in are:

  • Closure of Checkpoint’s purchase of Nokia’s Security division and some direction on where they are going with that. I have heard some things through the grapevine and am anxious to find out.
  • Release of VPN-1 R70. Checkpoint’s minor releases are nothing to overlook so a major release is always really exciting. From the new CPX website, I think it’s a pretty sure indicator that this is coming.
  • Further integration of Endpoint Security/PointSec/Integrity, IPS-1 into the core of Checkpoint. They’ve acquired some great products over the past few years and one of Checkpoint’s many strengths has been its ability to streamline management so I hope they can get everything all wrapped into a nice neat SmartDashboard.

I’m definitely looking forward to getting as much info as I can and hopefully find an hour or two to have a stroll through the strip! I’ll be sure to post a summary after the conference.

Cheers

-buu