It's CanSecWest time again. How do I know? This morning I woke up in a hotel room and when I looked outside it was pouring cats and dogs. Usually when I wake up in a hotel room it is in a warm and sunny place. Anyway, once again about 400 (I guess) people interested in computer security gathered in the Sheraton Wall Centre in Vancouver, Canada to meet with friends, listen to amazing talks and make fun of HBGary.
The conference started off very unusually. The agenda was on time. That's quite a change compared to the last few years. Admittedly, the organizers moved the first talk to noon this year to make sure that everybody manages to recover from yesterday's conference dinner and karaoke bar. I had arrived early, at around 8, hoping to score some free breakfast, which unfortunately did not happen today. I used the four hours to chat with old friends, some of whom I was very surprised to meet here.
At noon the talks started. The first talk was by Brad Woodberg of Juniper. He talked about network application-level firewalls. Admittedly I know absolutely nothing about application firewalls, so I cannot comment on the content of the talk. He is a pretty decent public speaker though. I enjoyed the talk.
The second talk was by Aaron Portnoy and Logan Brown of Hewlett-Packard. They talked about their blackbox reverse engineering approach to the Adobe Shockwave player. They described what they did to triage crashes in fuzzed Shockwave files having no knowledge at all about the Shockwave file format. Using binary instrumentation and a combination of WinDbg and Python, they described how they were able to figure out the custom memory allocator of Shockwave and other important Shockwave internals. At 90 minutes, the talk was unusually long for CanSecWest but worth every minute. They have also promised to make their tools available if people are interested. I will definitely follow up with them to make that happen.
After this talk we had a lunch break and then Pwn2Own began. For the third year in a row, I ventured up to the Pwn2Own room to see what's going on. As usual, this is what happened: some guy sat down at a computer, pressed a few buttons on the computer, and then the Hewlett-Packard people declared him a winner and there was a round of applause. That's it. You don't get to see more if you are in the audience. If you have never been there and think the whole contest is more amazing, I am sorry to disappoint there. I only stayed for the Apple Safari ownage.
The next talk I saw was about runtime firmware integrity checking by Yves-Alexis Perez and Loic Duflot. This was a continuation of the talk they gave at CanSecWest last year, but this time they focused on the defensive side of firmware attacks. Unfortunately both are not very good at public speaking. I left halfway through the talk to work on some things and talk to people outside the conference room.
Alright, now I am heading out to the conference party. The second day of CanSecWest unfortunately starts at 9:00 in the morning.
Random observations of the first day:
Of all the vendor booths, Google was by far the most popular one. It was packed with people stopping by the whole day. Only Amazon managed to keep up with them. Maybe it's because both companies gave away really quirky swag and their booths were staffed by people who looked like engineers. The opposite happened at the Rapid7 booth, which was pretty deserted for literally the whole day. That's what you get if you put two suits up there who could not look more like used car salesmen if they tried and you have marketing cards with dollar signs on your table instead of quirky swag.
Alex Sotirov did live reviews of the talks he saw at http://research.phreedom.org/2011/cansecwest/ . I remember how he told me about this idea at PH-Neutral last year but I never thought he would actually ever start doing it.
Google Chrome survived the first day of Pwn2Own, much to my dismay.