CanSecWest Day 3 – PWN2OWN update – Vista pwnd

EDIT:  So during my presentation today (the 2nd to last one of the day) I guess Shane ended up pwning the Vista box and winning it: http://dvlabs.tippingpoint.com/blog/2008/03/28/pwn-to-own-final-day-and-wrap-up  My presentation ran a little long and Dragos is awesome and lets you run long if you need extra time but then I felt bad and had to…


CanSecWest Day 2 – Part 2

Have I mentioned yet how much CanSecWest rocks?  Dragos seems to have thought of everything.  Since many people stay out late at night networking and socializing and sometimes find it challenging to get up at 7:30am to make the 8-9am breakfast – Dragos offers ‘second breakfast’ from 10-10:30am . . . and the food was…


And the Mac falls within 10 minutes on day 2.

So Dragos just announced before lunch that within 10 minutes of opening Day 2 of the pwn2own contest – the Mac has fallen.  Wonder what took so long? 🙂  UPDATE:  Just talked with Dragos – the finder is signing with ZDI to get paid – so no vuln details for us.  But we DO know…


CanSecWest – Day 2 Part 1

This morning we started off with a talk on Mobitex from a Toolcrypt guy (OlleB).  Olle was a very relaxed speaker with very good English (given that he hails from Stockholm) although the talk was a bit dry and not super interesting for me.  Mobitex as it turns out is a wireless data protocol that’s…


Well done Apple – Safari 0wns!

Not only did it take less than a week (as it did with the beta release) to find critical vulns in Safari 3.1 for Windows – but they managed to violate their own EULA by distributing it to approximately 500m Windows users in the first place! http://apple.slashdot.org/article.pl?sid=08/03/27/129236&from=rss I’m not sure how they could have screwed…


CanSecWest Day 1

Random thoughts: Haven’t seen the sun since like . . . Monday morning. Driving to Canada sucks in the rain.  Multiple accidents inside the 12 or so miles I had to drive in Canada made the Canadian part of the trip about as long as the U.S. part of the trip resulting in about a…


Apple offering free attack surface increase to Windows users.

This is hugely irresponsible of Apple IMHO: http://blogs.zdnet.com/Bott/?p=405&tag=nl.e622 As history has taught us – browsers are not trivial applications to write securely and they are the primary conduit by which badness often enters your PC.  Apple is offering Safari for Windows via their automatic updates mechanism and they are making sure that it’s *selected by default*. …


The web is broken . . .

A friend of mine made a comment to me the other day that said exactly that – and now we have the creator of JSON saying the same thing: http://www.internetnews.com/dev-news/article.php/3735341 Amen brother . . .


Cybercrime alliance?

It’s about damned time: http://www.networkworld.com/community/node/26144 http://www.fbi.gov/page2/march08/cybergroup_031708.html And you know it’s gonna be a success because they’ve got the Mounties involved!  He he he . . . jeez I crack myself up. Oh crap – I’m going to Canada next week . . . I’m so getting frisked (or worse) at the border. 🙂


Mass SQL injection coming to an IIS + ASP server near you . . .

My friend Neil has a pretty good post on the mass SQL injection stuff that was reported in the press recently. http://blogs.technet.com/neilcar/archive/2008/03/14/anatomy-of-a-sql-injection-incident.aspx  
