I have been reading about the highlights of the CanSecWest show all over the net, and it seems like there were a lot of really cool presentations. TippingPoint’s ‘Pwn2Own’ contest at CanSecWest, which started late last week, concluded over the weekend. The contest awarded $5,000 to each hacker who could uncover an exploit for any of the major browser platforms (Firefox, Internet Explorer, Chrome, & Safari). Firefox, IE, & Safari were all exploited at least once during the contest, with Chrome the only browser to make it through the trials. Perhaps that is to be expected given its newness. Lots more wrap-up details on the DV Labs site.
I know a lot of security researchers have a bitter taste from the way companies behave when a security flaw is revealed; still, I am always interested in seeing these types of contests as they are great demonstrations of creativity, and the ability to share knowledge amongst experts is great for all of the participants. If this method of “No Free Bugs” works to get discoveries back in the public eye, I think that’s great.
I would very much have liked to see the presentation “Sniff keystrokes with lasers/voltmeters: Side Channel Attacks Using Optical Sampling of Mechanical Energy Emissions and Power Line”. Having previously witnessed what information can be gleaned from power lines, and things like over-the-air Tempest attacks, I would like to see how the state of the art on physical side channels has progressed.
One of the other show highlights was covered by Dennis Fisher over on Threatpost: it appears that the Core Security Technologies team has demonstrated a persistent BIOS attack. There are next to no details on this one, but if they are able to perform this trick without the assistance of a secondary device and with only admin access, this is a really dangerous attack. If you have access to the physical platform, all bets are pretty much off. Looking forward to seeing the details.
5 Replies to “CanSecWest Highlights”
I was at the presentation and provided a little more detail on what my observations were – http://blog.triplecheck.ca/2009/03/few-more-details-regarding-peristent.html
@ds – Where the system runs is optional … local or remote. Data collection can be push or pull, with an agent or not. And just like any cryptographic system, it can be subverted, especially if you gain control of the host. Or, if you obtain the private session key or the master key from which it was derived, you could in fact re-create the entire log series. And there are ways to poison the feed prior to data collection. For an eDiscovery solution, as an example, there are typically no protections on the email prior to its arrival at the archival system, so it could have been altered along the way, but that is not considered a threat to the communications that are only deemed important years later in some courtroom.
The value of the technology is dependent upon the threat model you are trying to counter and how it is deployed. For example, I wanted to use the logs from three different sources at three different locations to compare. I was not worried that all three systems could be compromised at the same time, but I did need the time and event sequencing, and I wanted some tamper detection capabilities as a way to forensically compare events.
If I failed to answer your question, send me an email …
-Adrian
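The scheme sketched in the reply above (a per-session key derived from a master key, a chained log, and a verifier that re-derives the chain) as an added Python example; this is illustrative code written for this page, not Adrian's or any vendor's implementation. The key derivation, the one-way key evolution and the sample events are all constructed assumptions. It also makes his caveat concrete: verification needs the master key, so whoever holds that key can regenerate a consistent chain, which is why it must live off the logging host.

```python
import hashlib
import hmac
import json

# Constructed demo secret: in a real deployment the master key lives off the logging host.
MASTER_KEY = b"constructed-demo-master-key"
GENESIS = "0" * 64

def derive_session_key(master_key: bytes, session_id: str) -> bytes:
    """Derive a per-session key from the master key (HMAC used as a KDF; an assumed design)."""
    return hmac.new(master_key, session_id.encode(), hashlib.sha256).digest()

def evolve_key(key: bytes) -> bytes:
    """One-way key update: the host keeps only the new key, so old entries cannot be re-MACed later."""
    return hashlib.sha256(b"evolve" + key).digest()

def append_entry(log: list, key: bytes, event: dict) -> bytes:
    """Append an event; the MAC covers the previous MAC, so order and content are both bound."""
    prev = log[-1]["mac"] if log else GENESIS
    payload = json.dumps(event, sort_keys=True)
    mac = hmac.new(key, (prev + payload).encode(), hashlib.sha256).hexdigest()
    log.append({"seq": len(log), "prev": prev, "event": event, "mac": mac})
    return evolve_key(key)

def build_log(session_id: str, events: list) -> list:
    """Record a sequence of events under one session's evolving key chain."""
    log, key = [], derive_session_key(MASTER_KEY, session_id)
    for event in events:
        key = append_entry(log, key, event)
    return log

def first_bad_entry(log: list, master_key: bytes, session_id: str):
    """Re-derive the chain from the master key; return the seq of the first failing entry, else None."""
    key, prev = derive_session_key(master_key, session_id), GENESIS
    for entry in log:
        payload = json.dumps(entry["event"], sort_keys=True)
        expected = hmac.new(key, (prev + payload).encode(), hashlib.sha256).hexdigest()
        if entry["prev"] != prev or not hmac.compare_digest(entry["mac"], expected):
            return entry["seq"]
        prev, key = entry["mac"], evolve_key(key)
    return None

# Constructed sample events from one log source.
EVENTS = [
    {"ts": "2009-03-23T10:00:00Z", "user": "alice", "action": "login"},
    {"ts": "2009-03-23T10:05:00Z", "user": "alice", "action": "read", "obj": "payroll.xls"},
    {"ts": "2009-03-23T10:09:00Z", "user": "alice", "action": "logout"},
]
```

Chain verification catches edits, insertions and reordering, but not the silent deletion of trailing entries; detecting truncation needs the final MAC or entry count to be published periodically to a second party, which is also what makes the cross-source comparison in the reply possible.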
Talk to Proofspace. This is essentially their domain…