- One single track in one ballroom. You won't have to run around to different parts of the hotel to find seating in overcrowded ballrooms only to find out the material being presented was lame. There were plenty of seats available and all the presentations were interesting.
- The organizer is a nice guy. I've never met Dragos Ruiu, the conference organizer. He seems to be a nice guy and did a good job of keeping things in order. He even sits in on many of the sessions.
- Great speakers with great content. Some were WAY over my head, but I never felt like I could have done a better job. That may sound weird, but I feel that way about some sessions at other conferences.
- Lots of interesting people attend. This conference attracts some famous/infamous people in the security industry, but isn't so large that you can't talk to them. I met Theo de Raadt, the founder and leader of the OpenBSD and OpenSSH projects. Theo is known for his terse and blunt means of communication on the various OpenBSD lists, but in person, he is very different. I also spoke with Dan Kaminsky, who sat out most of the conference to hack the Windows laptop. I don't know if he was successful. Marty Roesch was there to speak about Snort 3.0. Fyodor, creator of Nmap, was also there.
I enjoyed all of the sessions. My favorite sessions were:
- Virtually Secure - Oded Horovitz, VMware
- Cross-Site Scripting Vulnerabilities in Flash Authoring Tools - Rich Cannings, Google
- Cold Memory Forensics Workshop - Tom Liston and Sherri Davidoff, Intelguardians
- Snort 3.0 - Marty Roesch, Sourcefire
- Malicious Cryptography - Frédéric Raynal, Sogeti/Cap-Gemini
When you're not attending the sessions, you can sign up for a 30-minute slot to hack a computer. The contest is called PWN2OWN. The rule is simple: if you hack into a machine, you get to keep it. This year's targets were:
- Sony VAIO VGN-TZ37CN running Ubuntu 7.10
- Fujitsu U810 running Vista Ultimate SP1
- MacBook Air running OS X 10.5.2
All systems were fully patched right before the contest started. The MacBook was the first to get 0wn3d, via Safari, after 10 minutes. I think the Mac will always get targeted first because it is the best prize. ;-)
I will definitely attend CanSecWest 2009. I hope to be a regular.
1 comment:
Sounds like a useful conference. How many days were you there? And were the other systems successfully hacked in the contest?