Most Informative Talk: Intelguardians’ cold memory forensics workshop. They leveraged the Princeton/Wind River/EFF research paper and created two tools to extract passwords from a memory dump. The tools weren’t released at the conference, but they promise that they will be available soon. Two people from the original research (Jacob Appelbaum and William Paul) were also there, and in an ad-hoc fashion, they took questions from the audience and showed off some new stuff they created. Josh from Symantec also blogged on the talk.
Honorable Mention: Dan Hubbard and Stephan Chenette’s talk on online reputation. They explained how security affects online reputation and gave a ton of interesting examples. One example was the still-ongoing IFRAME attacks on sites that have search functions.
PWN to OWN Contest: With default client-side application attacks now within the contest scope, it only took a few minutes for Charlie Miller and associates from Independent Security Evaluators to compromise the Apple MacBook Air. The vulnerability was in the Safari web browser, and TippingPoint already disclosed the issue to Apple.
Right after the vulnerability was confirmed by TippingPoint, I posted a message to Twitter. And within the hour, Robert McMillan from IDG and Dan Goodin from The Register posted articles. From there, sites like Engadget, Slashdot, TUAW, and many others picked up on the story.