.

CanSecWest 2008

<<

don

User avatar

Administrator
Administrator

Posts: 4258

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Wed Dec 19, 2007 12:52 pm

CanSecWest 2008

CanSecWest 2008
March 26-28 2008
Mariott Renaissance Harbourside
Vancouver, British Columbia


Interact with the security community

CanSecWest, the world's most advanced conference focusing on applied digital security, is about bringing the industry luminaries together in a relaxed environment which promotes collaboration and social networking. The conference lasts for three days and features a single track of thought provoking presentations, each prepared by an experienced professional and talented educator who is at the cutting edge of his or her field. We give preference to new and innovative material, highlighting important, emergent technologies, techniques, or best industry practices.

The conference is single track, with one hour presentations over the duration beginning at 9:00 a.m. The registration fee includes the catered meals, and there will be a vendor display and lounge/eating area, where wireless internet access will be available (as well as in the speaking theater).


http://www.cansecwest.com

As always, please share your thoughts on this event and whether or not you will be attending.

Don
CISSP, MCSE, CSTA, Security+ SME
<<

g00d_4sh

User avatar

Sr. Member
Sr. Member

Posts: 394

Joined: Tue Sep 18, 2007 1:50 pm

Location: Guayaquil, Ecuador

Post Wed Dec 19, 2007 4:30 pm

Re: CanSecWest 2008

Have any of you ever gone to this?  As in.. is it worth me making a 3 hour drive?
"Bad.. Good?  I'm the guy with the gun"
<<

don

User avatar

Administrator
Administrator

Posts: 4258

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Thu Mar 27, 2008 12:32 am

Re: CanSecWest 2008

Any EH-Netters in attendance this year? Would love to hear about it as would other readers. Your feedback really helps us figure out how to wisely spend our time and money.

Thanks,
Don
CISSP, MCSE, CSTA, Security+ SME
<<

don

User avatar

Administrator
Administrator

Posts: 4258

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Fri Mar 28, 2008 9:24 pm

Re: CanSecWest 2008

Our friends at Intelguardians make a big splash at CanSecWest. Check out these stories by Dan Gooden of The Register:


Next time you go to the loo, bring your locked laptop with you
CanSecWest | DaisyDukes brings memory sniffing to the masses
By Dan Goodin • Friday 28 Mar 2008 11:02

Building off recent research that showed how to extract encryption keys from a computer's memory, a penetration testing company has unveiled a tool that sniffs out passwords, documents, and other sensitive data in a matter of minutes.

DaisyDukes is a memory sniffer that resides on a USB device. A researcher can plug it into an unattended machine that is turned on but has been locked and reboot the machine off a compact operating system contained on the drive. Depending on the user's needs, it can be configured to capture the entire contents of a computer's memory, or sniff out only certain types of data - say a password to access the company network or unlock a user's private encryption key.

It turns out both Windows and Linux retain "boatloads and boatloads" of passwords in memory, said Sherri Davidoff, a security analyst with IntelGuardians, the penetration-testing firm that developed the tool. It's already been able to isolate passwords for Thunderbird, AOL Instant Messenger, GPG, SSH, Outlook, Putty and TrueCrypt, among others, and with additional research they believe they can find many more.

"The idea here is let's see if we can hit an office building, get in and out in 25 minutes or less and walk out with some interesting passwords," said Tom Liston, an IntelGuardians security consultant who along with Davidoff co-presented the tool at the CanSecWest security conference in Vancouver.




How safe is VMware's hypervisor?
CanSecWest | The debate rages on
By Dan Goodin • Thursday 27 Mar 2008 16:03

CanSecWest VMware researcher Oded Horovitz got an earful when he told a group of security buffs his company's virtualization software was theoretically impenetrable. Speaking at the CanSecWest conference in Vancouver, his hour-long presentation, titled Virtually Secure, included a slide titled "VM Escape" that carried the following bullet point:

"Though impossible by design, the hypervisor can still have implementation vulnerabilities."

It was more than some attendees could bear.

"And the Titanic was unsinkable," Mike Poor, a senior security analyst for IntelGuardians shot back. Other attendees complained that security increasingly looked like an afterthought as VMware continued to add new bells and whistles to its Workstation and ESX Server products - many from third party companies.

"I take strong issue with your saying 'trust the hypervisor' when you're expanding it to run other people's APIs," one attendee, who asked not to be identified, told Horovitz immediately following his talk.



Well done,
Don
CISSP, MCSE, CSTA, Security+ SME
<<

pseud0

User avatar

Recruiters
Recruiters

Posts: 210

Joined: Sat Nov 17, 2007 8:26 pm

Location: Detroit, Michigan

Post Sun Mar 30, 2008 8:25 am

Re: CanSecWest 2008

The Vista laptop got Pwned...

http://dvlabs.tippingpoint.com/blog/200 ... nd-wrap-up

7:30pm PST Update - Vista Laptop was Won!: Congratulations to Shane Macaulay from Security Objectives - he has just won the Fujitsu U810 laptop running Vista Ultimate SP1 after it was installed with the latest version of Adobe Flash. Not only is he the official winner of the Fujitsu laptop, but also $5,000 from us. Shane received some assistance from his friends Derek Callaway (also from Security Objectives) and Alexander Sotirov. If you'll also remember, Shane Macaulay was Dino Dai Zovi's on-site team member at last year's PWN to OWN event in which they ultimately took the top prize.

The new Adobe Flash 0day vulnerability that Shane exploited has been acquired by the Zero Day Initiative, and has been responsibly disclosed to Adobe who is now working on the issue.  Until Adobe releases a patch for this issue, neither we nor the contestants will be giving out any additional information about the vulnerability.  You can track the status of the vulnerability on the Zero Day Initiative upcoming advisories page under ZDI-CAN-306. 


I was actually in the offsec IRC chatroom when this happened.  One of their guys was doing live posts from the event.
CISSP, CISM, CISA, GCIH, GREM, CEH, HMFIC, KTHXBIROFLCOPTER

Return to Calendar Of Events

Who is online

Users browsing this forum: No registered users and 1 guest

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software