CanSecWest 2011 is an important and influential gathering of information security professionals. The topics covered at CanSecWest are diverse, spanning both the offensive and defensive sides of the information security fence. CanSecWest is a three-day conference where attendees can attend every session, if they so choose. The talks are limited in number and high in quality, and the schedule is arranged so that no talks overlap. The focus is on quality.
With that said, there were a lot of great talks and presentations. I will highlight a favorite talk from each day. From the Wednesday sessions the most attention-grabbing was the “SMS-o-Death” talk. Nico Golde and Collin Mulliner covered a variety of attacks on SMS. Mulliner’s SMS research can be found at his site here. The “SMS-o-Death” slides can be found here. Their research focused on “feature phones”, which are sort of smart, but not really, phones. They are a less interesting attack target, but their availability is huge and they represent, by far, the largest mobile attack surface out there. Surprise, they are quite vulnerable.
For Thursday I liked the iPhone and iPad hacking talk (in my defense I do a lot of iOS hacking). It was a quick overview of some less common (and more common) security issues facing iOS application developers. The highlight was novel techniques to gain code execution, including abusing NSString formatting with %@. If you have any statements that look like this: [NSString stringWithFormat:otherString], or NSLog(someNSString), bad developer, no going home tonight for you! The talk also discussed data escaping vulnerabilities with XLS, PDF and RTF handling semantics. The talk covered a lot of ground. Alex Sotirov has a nice write-up of it in his coverage of CanSecWest 2011.
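To find the two patterns called out above in a code base, here is a small heuristic checker. It is an added example, not material from the talk or from this post's author; the function name and the Objective-C sample are constructed for illustration, and it only looks at NSLog and stringWithFormat:, the two calls named above.

```python
import re

# Calls whose first argument is interpreted as a format string.
# Only the two named in the post are covered here.
FORMAT_SINKS = re.compile(r'\bNSLog\s*\(\s*|\bstringWithFormat\s*:\s*')


def find_nonliteral_formats(source):
    """Return (line_number, code) for calls whose format argument
    is not an @"..." literal. Line-based heuristic, not a parser."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        code = line.strip()
        if code.startswith('//'):          # skip whole-line comments
            continue
        for match in FORMAT_SINKS.finditer(code):
            # Safe form: the format itself is a compile-time literal,
            # and untrusted data is only ever passed as an argument.
            if not code[match.end():].startswith('@"'):
                findings.append((lineno, code))
                break
    return findings


# Constructed sample: lines 2 and 4 pass caller-controlled data as the
# format string; lines 3 and 5 are the corrected forms.
SAMPLE = '''\
- (void)show:(NSString *)userInput {
    NSLog(userInput);
    NSLog(@"%@", userInput);
    NSString *a = [NSString stringWithFormat:userInput];
    NSString *b = [NSString stringWithFormat:@"name=%@", userInput];
    // NSLog(userInput);
}
'''

if __name__ == '__main__':
    for lineno, code in find_nonliteral_formats(SAMPLE):
        print(f'line {lineno}: non-literal format string: {code}')
```

The fix in each flagged case is to keep the format a literal and pass the untrusted string as an argument, as on lines 3 and 5 of the sample. Clang's -Wformat-security warning catches the same pattern at compile time.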
Vincenzo Iozzo and Giovanni Gola of Zynamics gave a talk on some advanced analysis techniques. In their talk they covered some of the concepts in the Zynamics tool, BinNavi, and discussed how to approach static analysis in a different way to discover certain classes of bugs. Their approach to walking the call flow graph and setting up the static analysis in a particular, and novel, way allows them to more easily discover certain classes of bugs (they claim a best use for C++ life-span issues). The slides from the talk they gave at BlackHat DC, which is similar to the CSW talk, can be found here. As always, the research Zynamics presents is great and cutting edge. The short summary is: they have math and know how to (ab)use it.
Pwn2Own. About that. As an avid infosec observer, mobile application tester and bug hunter, I really love Pwn2Own. The results are a good public exhibition of where the “rubber meets the road”. It may not be for everyone, but it is entertaining. Pwn2Own setup. Pwn2Own results. The linked media coverage is a bit inaccurate, mainly because it didn’t take minutes, days or seconds for a given target to fall. The researchers spent significant time outside of the contest to develop their exploits. Also, no one has genuinely researched or targeted Windows Phone 7 yet because it is new and has little market share. Windows Phone 7 did not fall, but the security of it is no mystery; I am going with “no different, or more safe, than any other smartphone operating system”. Android survived, which was a little surprising. So it goes.