Yes, I know I haven’t updated this BLOG in quite a while. Basically, the busier I get at work, the less time and motivation I have to update the BLOG. Work has been super busy but to be honest that is a good thing, I have been in situations in the past where things have been slow and steady and typically those jobs don’t last long.
Anyways, back to the point of this post – CanSecWest 2008. As usual, Dragos, Wil, Sean, and the rest of the crew put on a great show. Yes, I am a bit biased because I have always been a CSW fanboy, but I like to think that I am honest enough that if I found something sucked — I would say it sucked.
Pwn-2-0wn was as usual a feast for the press. Huge apologies to my new friend Aviv Raf who was counting on me to use a flaw he found to win him the Vista box. There is no one to blame on this not happening, his vulnerability works, but myself and perhaps my lack of motivation. So again, huge apologies.
That said, congrats to K2 (the Whiner.. hehe) for taking the Vista box. I love how K2 has stirred the pot around this contest and the buying of vulnerabilities in general. Perhaps we will see organizations like ZDI start to actually offer what they are worth and not the low-ball amounts. Although in their defense, they do not resell the vulnerabilities or make any money off of them other than the associated PR it generates.
All of the Operating System fanboy traffic around the contest was amusing. Between the claims that the Mac box only fell because Microsoft was a sponsor (note: they were a conference sponsor not the pwn-2-0wn contest sponsor) and the claims that Ubuntu didn’t fall because it’s the most secure I could do nothing but laugh. I highly doubt any of us will live long enough to see the day that the O/S wars cease.
Those of you that follow my Twitter Feed probably saw me poking fun at one of the VMWare talks. Please do not take my comments as disrespect, anyone who puts the time in to research an issue then gets up in front of a group of hung over and in general grumpy geeks and presents their work is cool with me. But I found it hard to get excited about issues that require me to have local physical access to the system. I mean, of course at that point there are a number of ways to pop the Guest Operating Systems.
In general all of the talks were great, some hard to hear due to audio issues, but other than that I can say I learned a few things, met some more cool people and had a great time. That is, in general, the point and not to beat up on other conferences, something that is missing from many of the old school conferences. Hopefully I make it out to Tokyo for PacSec this year too!
Oh, and to those that expressed concern over Dragos handing me a sharp Samurai Sword. The sword has safely made it back to Calgary and this weekend will safely make it back to California incident and more importantly blood free.
I will be at RSA next week, possibly only on Tuesday to participate in my panel but if you are going to be there and want to grab some beers, feel free to get in touch with me.