14 DAY TRIAL // There is a potential Mac OS X, Linux and Windows Vista hack fiesta in the making, at this year's CanSecWest security research conference. The CanSecWest Vancouver 2008 is the ninth annual CanSecWest conference and will take place March 26-28, in Vancouver, Canada. The event is an opportunity for open interaction with members of the security community, according to the CanSecWest's official page. The three-day conference comes with a strong focus placed on applied digital security and is designed to foster collaboration and act as a catalyst for social networking.
Back in 2007, CanSecWest got a consistent amount of play due to a stunt sponsored by 3Com's Tipping Point division. Essentially, participants were offered a chance to crack two Mac computers running Mac OS X 10.4 Tiger. At that time, Dino Dai Zovi - a New York security researcher - and Shane Macaulay on the ground at CanSecWest managed to break into one of the two Macbook Pro computers offered as targets via a vulnerability on QuickTime. Subsequently, it was proven that the QuickTime vulnerability in the media player that ships as a default component of Mac OS X also impacted the Windows platform. The Java enabled Safari browser was the proverbial cherry on the cake which permitted Dino Dai Zovi to completely own the Macbook Pro box.
The security researcher walked away with $10,000 after he handed over the technical details of the vulnerability to 3Com's Tipping Point, while his friend got the Mac computer. And it seems that for the 2008 CanSecWest, the organizers have something similar in mind. Only that this time the hack challenge could also involve Linux and Windows Vista on top of Mac OS X Leopard. And it could even feature Vista SP1.
"We're thinking of having a contest where we have Vista and OS X and Linux ... and see which one goes first," revealed Dragos Ruiu, the principal organizer of CanSecWest, as cited by InfoWorld. The actual details of the challenge have not been made public at this point in time. However, the conference will bring together a diversified array of experts to talk on security.
"Some talks have been confirmed:Marty Roesch, from Sourcefire, will be introducing Snort 3.0. Rich Cannings, from Google, will be talking about Adobe Flash vulnerabilities. Jan 'starbug' Krissler and Karsten Nohl, of the CCC, will be talking about security issues in proprietary RFID systems. Mark Dowd and John McDonald, from IBM ISS, will talk about finding bugs in Windows media software. Rob Hensing, of Microsoft, will be talking about targetted attacks and Microsoft Office malware. Oded Horovitz, of VMWare, will be talking about security in virtualized environments in a talk entitled: 'Virtually Secure.' Fr?d?ric Raynal(MISC) and Eric Filiol(ESAT), will be giving a talk entitled: 'Malicious Cryptography.' Thierry Zoller, of nRuns will be giving a talk entitled: 'The Death of AV Defense in Depth: Revisiting Anti-Virus Software'," read the talk notifications posted by CanSecWest.