The Pwnie Awards is an annual awards ceremony celebrating the achievements and failures of security researchers and the security community. This year’s awards were given out August 3, concurrent with the Black Hat USA 2011 conference. Some of the awards are positive. Others mark incidents that were a major “Maalox moment” for the winners, a bit like the Razzies, which salute the worst of Hollywood each year.
The Pwnie Winners
• Pwnie for Best Server-Side Bug: ASP.NET Framework Padding Oracle (CVE-2010-3332) - Juliano Rizzo, Thai Duong
• Pwnie for Best Client-Side Bug: FreeType vulnerability in iOS (CVE-2011-0226) - Comex
• Pwnie for Best Privilege Escalation Bug: Windows kernel win32k user-mode callback vulnerabilities (MS11-034) - Tarjei Mandt
• Pwnie for Most Innovative Research: Piotr Bania
• Pwnie for Lifetime Achievement: pipacs/PaX Team
• Pwnie for Lamest Vendor Response: RSA SecurID token compromise
• Pwnie for Most Epic FAIL: Sony
• Pwnie for Epic 0wnage: Stuxnet
For more details on the awards, see http://pwnies.com/winners/ (worth checking out).
Another interesting read: "Top 10 Security SNAFUs of 2010" at http://kensek.blogspot.com/2011/01/top-10-security-snafus-of-2010_25.html
Wednesday, August 10, 2011
Sunday, August 07, 2011
Inside the Exhibitors Ballroom at Black Hat USA 2011
Day One at Black Hat USA 2011
80-plus vendors, waiting for the seminars to end so that the Black Hat attendees would come through the Exhibitors Ballroom at Caesars Palace in Las Vegas. The first day ran almost 12 hours (including the drinks and appetizers during the last couple of hours of day one).
The doors open. The rush begins. For knowledge? Well, almost. For the prime tchotchkes, primarily tee shirts. McAfee was also doing a book signing on Day One. That, a motorcycle and tradeshow women in biker garb and phishnet stockings… Strike that, fishnet stockings, helped create traffic around their booth.
A zombie wandering the floor caught people’s attention. As did a booth holding a drawing for a chain saw. A real Stihl® chain saw, courtesy of Solera Networks. Interestingly enough, they weren’t the company sponsoring the zombie walking around. Explain the chainsaw to security at McCarran International! “Sir, you’ll have to check that.”
Breaks in the morning and afternoon. Security caught someone who had slipped a piece of yellow paper into an official pass holder, hoping nobody would notice that there was nothing printed on it. One of the top sellers at the Black Hat store: lock-picking kits.
Lines for food and drinks at 5:30. Pasta, pizza, and more…. Later, Crystal Meth at one of the Wednesday evening functions. Absolut Vodka as a sponsor for one event. People moaning about having to get up at 5:30 in the morning to try and buy a Defcon pass being held at another casino immediately following the end of Black Hat.
The booths aren’t set up for sit-down presentations, so vendors are able to have one-on-one discussions with individuals coming through, demo software, etc.
Day Two
Quite a few bleary eyes when the Exhibition Ballroom doors open. Quiet compared to the day before. In one corner of the Ballroom, people working with soldering irons to make their own robots. Some traffic around the Symantec booth for the energy boost/caffeine gum. Line for popcorn at one booth.
Many people walking around with their heads bent downward. Checking their mobiles? Nope, looking at the card they were carrying to see which booths they had to go to get stamped and be eligible for drawings.
One o’clock hits – another line forms. Qing Li autographing copies of “IPv6 Advanced Protocols Implementation” at the Blue Coat booth. 300 signatures later, they’re gone. More than a few handfuls of people wearing a black tee from a vendor; if they’re spotted by that vendor while walking around, they become eligible for drawings.
People seemed to be generally pleased with the talks, keynotes and the education tracks. There was a blend of highly technical to not so technical. The mix appears to change slightly from year to year. One person wasn’t pleased that one presentation began with the presenter explaining what a virtual appliance was.
As the end of the day approaches, and before the make-your-own-sundae break (yes, more food), the exchanging of tchotchkes begins: competitors briefly become friends, long enough to trade t-shirts where there are extras.
4:45 hits, attendees are ushered out, and the sponsors begin teardown. Until next year….
Labels: black hat, black hat usa 2011, mcafee, Solera networks, symantec
Sunday, July 31, 2011
Unlimited Online Storage Defined – Black Hat USA 2011
Unlimited Online Storage Defined
The pitch: *UNLIMITED storage. The asterisk: *Subject to fair use policy. The details: "In the event you chose an unlimited storage option for the bbb Paid Services, your usage of the Services if in excess of 500GB may at bbb’s sole discretion be subject to additional usage fees, as referenced in f) above and in this paragraph". So “unlimited”, under fair use, appears to mean 500GB. As a reference point, 500GB is the hard drive size of a number of laptops. Online storage service providers such as Box.net, dropbox, carbonite, livkive, mozy, and sugarsync must be pleased that that has been cleared up. Note that each vendor has its own plans with various storage amounts. Next week – infinite and pi brought to closure.
Black Hat USA 2011
The Black Hat conference runs in Las Vegas August 1 through 4 at Caesars Palace. Blog posts may be published during the event. Over 5000 attendees will hear a number of speakers. There are nine training tracks. Over 80 vendors will be part of the tradeshow. Sponsors include internet security providers Norman, Symantec, McAfee, and GFI; Qualys is the diamond sponsor (https://www.blackhat.com/html/bh-us-11/bh-us-11-sponsors.html). There may be some IPO (initial public offering) candidates in there.
About Black Hat
The Black Hat Briefings remains the biggest and the most important technical security conference series in the world by remaining true to our core value: serving the information security community by delivering timely, actionable security information in a friendly, vendor-neutral environment.
https://www.blackhat.com/html/bh-us-11/bh-us-11-home.html
Pwnie Awards
The Pwnie Awards is an annual awards ceremony celebrating the achievements and failures of security researchers and the security community. The awards are given out once a year. The fifth annual ceremony will take place on August 3rd, during Black Hat USA. http://pwnies.com/about/
Labels: black hat, Box.net, carbonite, dropbox, initial public offering, internet security, IPO, livkive, mcafee, mozy, online storage, Pwnie, Qualys, sugarsync, symantec