EDIT : So during my presentation today (the 2nd to last one of the day) I guess Shane ended up pwning the Vista box and winning it: http://dvlabs.tippingpoint.com/blog/2008/03/28/pwn-to-own-final-day-and-wrap-up My presentation ran a little long and Dragos...

Have I mentioned yet how much CanSecWest rocks? Dragos seems to have thought of everything. Since many people stay out late at night networking and socializing and sometimes find it challenging to get up at 7:30am to make the 8-9am breakfast - Dragos...

So Dragos just announced before lunch that within 10 minutes of opening Day 2 of the pwn2own contest - the Mac has fallen. Wonder what took so long? :) UPDATE : Just talked with Dragos - the finder is signing with ZDI to get paid - so no vuln details...

This morning we started off with a talk on Mobitex from a Toolcrypt guy (OlleB). Olle was a very relaxed speaker with very good English (given that he hails from Stockholm) although the talk was a bit dry and not super interesting for me. Mobitex as it...

Not only did it take less than a week (as it did with the beta release) to find critical vulns in Safar 3.1 for Windows - but they managed to violate their own EULA by distributing it to approximately 500m Windows users in the first place! http://apple...

Random thoughts: Haven't seen the sun since like . . . Monday morning. Driving to Canada sucks in the rain. Multiple accidents inside the 12 or so miles I had to drive in Canada made the Canadian part of the trip about as long as the U.S. part...

This is hugely irresponsible of Apple IMHO: http://blogs.zdnet.com/Bott/?p=405&tag=nl.e622 As history has taught us - browsers are not trivial applications to write securely and they are the primary conduit by which badness often enters your PC...

A friend of mine made a comment to me the other day that said exactly that - and now we have the creator of JSON saying the same thing: http://www.internetnews.com/dev-news/article.php/3735341 Amen brother . . .

It's about damned time: http://www.networkworld.com/community/node/26144 http://www.fbi.gov/page2/march08/cybergroup_031708.html And you know it's gonna be a success because they've got the Mounties involved! He he he . . . jeez I crack myself up...

My friend Neil has a pretty good post on the mass SQL injection stuff that was reported in the press recently. http://blogs.technet.com/neilcar/archive/2008/03/14/anatomy-of-a-sql-injection-incident.aspx

Well not quite - but I am the second to last speaker on the last day (Friday) - http://cansecwest.com/agenda.html Ugh - people usually skip out early on the last day to make flights and stuff - so I guess not many people will be staying for my live demos...

"This really wasn't what our customers were looking for," said Wal-Mart Stores Inc. spokeswoman Melissa O'Brien. http://news.yahoo.com/s/ap/20080310/ap_on_hi_te/wal_mart_linux_computer Hilarious.

So last week was a VERY interesting week. First off we had some dude going public with information that the Pentagon had apparently been succesfully hacked at some point last year by an organization whom they believe but won't officially state as being...

So my friend Jonathan who is one of my hard-core kernel go to guys has decided to dip his toe into the waters of the blogosphere and you can start reading his blog here: http://blogs.msdn.com/itgoestoeleven/ He'll be blogging about some pretty low level...

Good lord - even their viruses ( no the plural of virus is NOT virii ) are sexier than PC viruses! http://www.troika.uk.com/virus.htm And from the "wtf were they thinking" files - Google decides to release the Android SDK with outdated open source...