Interact with the security community
CanSecWest, the world's most advanced conference focusing on applied digital security, is about bringing the industry luminaries together in a relaxed environment which promotes collaboration and social networking. The conference lasts for three days and features a single track of thought provoking presentations, each prepared by an experienced professional and talented educator who is at the cutting edge of his or her field. We give preference to new and innovative material, highlighting important, emergent technologies, techniques, or best industry practices.
The conference is single track, with one hour presentations over the duration beginning at 9:00 a.m. The registration fee includes the catered meals, and there will be a vendor display and lounge/eating area, where wireless internet access will be available (as well as in the speaking theater). The conference discount hotel room booking system can be found here.
The Call For Papers for CanSecWest 2010 on March 22-26, is now open. The submission deadline is November 30th, 2009. We have a new online submissions system that will be available soon. Watch for notices here regarding its availability.
Slides are being posted here.
Well after much discussion and deliberation here is the final cut at scenarios for the PWN2OWN competitions.
Browsers and Associated Test Platform
Vaio - Windows 7
Day 1: Default install no additional plugins. User goes to link.
Day 2: flash, java, .net, quicktime. User goes to link.
Day 3: popular apps such as acrobat reader ... User goes to link
What is owned? - code execution within context of application
Phones (and associated test platform)
- Android(Dev G1)
- iPhone(locked 2.0)
- Windows Mobile (HTC Touch)
Day 1 (Raw functionality out of the box, users configured for service) post phone, post email
- Email (arrival only)
- wifi on if default
- bluetooth on if default
- Radio stack
- All of Day 1
- Email/SMS/MMS (reading only - no secondary actions)
- wifi on
- bluetooth on (not accept pairing by default. Paired with a headset. pairing process not visible)
- All of Day 1 and 2
- one level of user interaction with default applications
- bluetooth on (not accept pairing by default. Paired with a headset/other devices upon request. pairing process visible)
What is owned? Must demonstrate...
- loss of information (user data)
- incur financial cost
- 30 minute slots
- Names submitted and then randomly drawn
- 1st pop eligible box and cash
- Follow on pops eligible $
- All must disclose and have exploit validated.
- Lottery will be done for time-slot location.
- Register on ZDI if you want the $
- Sign ZDI NDA
- Infrastructure attack will get you escorted out of the building.
- ZDI/Dragos have final say.
The celebration of our tenth year and the social event for the conference will be held on Thursday March 19th. It will be the highest altitude congregation of computer researchers yet... at 11,000' elevation - it will be held at Grouse Mountain Chalet. After the lightning talks buses will be leaving every 30 minutes (starting at 19:00) from the Sheraton Wall Center and take people up to the Grouse Gondola Base Station, where the gondolas leave every 15 min (capacity 100) for the 8 minute ride pretty much straight up. Sunset that day should be at 19:22, which leaves a pretty spectacular view overlooking the city, the ocean, Vancouver Island, and the sunset if it is a clear day. The buses will use the same schedule on return and the Chalet will be upen until 12:30. Tickets are limited. DJ's T.B.A.
We are also happy to announce that our Chinese speaker "icbm" was approved for his Canadian entry visa on his second application, so he will be available to give us his fascinating overview of the infosec landscape across the Pacific.
Some more talks have been added to the agenda:
Writing User Friendly Exploits - Skylar Rampersaud, Immunity
Alexander Sotirov's and Jacob Appelbaum's SSL paper "Short chosen-prefix collisions for MD5 and the creation of a rogue CA certificate" has been published today.
Today @ryannarraine twitterred this bit of gossip from Boston: 'dino's planning a "really crazier demo" of exploit at cansecwest. plan is to make os x a "first class" target in metasploit'. Follow us on twitter at @secwest (where conference notices will be posted real-time during the conference), and @dragosr.
Dragos just recently received a copy of Dino's and Charlie's new book "The Mac Hacking Handbook" which apparently inadvertently released some vulnerabilities - we'll see if Apple can patch them before next week :-). But odds are if you do discover it in the book, it you probably won't be able to claim a PWN2OWN prize with it. It probably doesn't count as unreleased - we are waiting for a ruling from contest judges on that. Stand by for a review from dr of the book to be published soon. (dr says: 'They got my attention when some of the exploit examples in the book list "Dragos Ruiu's Macintosh" as the target' :-)
(p.s. If you folks haven't seen this yet... here is one of the coolest mobile phone hacks we've seen in a while.)
Some late announcements, a new paper:
Sniff keystrokes with lasers/voltmeters: Side Channel Attacks Using Optical Sampling of Mechanical Energy Emissions and Power Line Leakage - Andrea Barisani and Daniele Bianco, Inverse Path
Some more details about mobile targets:
- Symbian: targets will include (but not be limited to if we can scrounge more test platforms to borrow from people)
- Nokia E61 - with whatever firmware is latest available on Nokia site tomorrow (we'll update version here when known :-)
- Nokia N95 - same deal on firmware
- Android: T-Mobile G1 running Android RC33 (the most recent version used by T-Mobile US customers). The radio will be unlocked so we can use a Canadian carrier's sim.
Also Rich Cannings from Google will be on hand and made this generous offer:
I will most likely bring an Android Developer Phone (ADP1) with a recent open source Android build on it. Maybe we could give this away for the most creative hack on any device? This device will be much easier to hack since root access is gained through simply typing "su".
- WinMo: HTC Touch Pro.
- RIM: Please stand by.
- iPhone: Stock (not unlocked) Rogers iPhone running firmware 2.2
On the browser side, we will be running the latest bleeding edge version of each browser platform we can get our hands on (Yes that means the Safari 4 beta, the latest build of IE8 we can get our hands on, and the upcoming FireFox release) on each of the two prize laptops (for the corresponding multi-os browsers). We will wipe the laptops and restore them to their factory conditions after the contest.
On the social agenda side of things, our rf-lab toting, 3d camera tracking wizard, Marc Alfonso, who moonlights as a ski patroller and medic on Grouse, will be taking a group to ski by the moonlight (and other lighting) at Grouse mountain night skiing, on Wednesday night. You have to find your own way up to the gondola in North Vancouver (and they have night skating too), and Marc will be your experienced guide. Watch this space for instructions on how to sign up for this outing. Thursday night party venue and details TBD.
The detailed agenda will be published shortly, but a head's up for folks, we are considering moving the lightning talks to Wednesday.