2008-03-28

CanSecWest 2008

I just attended CanSecWest, an annual information security conference in Vancouver, Canada. This was my first time attending the conference, so I wasn't sure what to expect. There are a few things I really liked about this conference, compared to others.
  • One single track in one ballroom. You won't have to run around to different parts of the hotel to find seating in overcrowded ballrooms only to find out the material being presented was lame. There were plenty of seats available and all the presentations were interesting.
  • The organizer is a nice guy. I've never met Dragos Ruiu, the conference organizer. He seems to be a nice guy and did a good job of keeping things in order. He even sits in on many of the sessions.
  • Great speakers with great content. Some were WAY over my head, but I never felt like I could have done a better job. That may sound weird, but I feel that way about some sessions at other conferences.
  • Lots of interesting people attend. This conference attracts some famous/infamous people in the security industry, but isn't so large that you can't talk to them. I met Theo de Raadt, the founder and leader of the OpenBSD and OpenSSH projects. Theo is known for his terse and blunt means of communication on the various OpenBSD lists, but in person, he is very different. I also spoke with Dan Kaminsky, who sat out most of the conference to hack the Windows laptop. I don't know if he was successful. Marty Roesch was there to speak about Snort 3.0. Fyodor, creator of Nmap, was also there.
I enjoyed all of the sessions. My favorite sessions were:
  • Virtually Secure - Oded Horovitz, VMware
  • Cross-Site Scripting Vulnerabilities in Flash Authoring Tools - Rich Cannings, Google
  • Cold Memory Forensics Workshop - Tom Liston and Sherri Davidoff, Intelguardians
  • Snort 3.0 - Marty Roesch, Sourcefire
  • Malicious Cryptography - Frédéric Raynal, Sogeti/Cap-Gemini
When you're not attending the sessions, you can sign up for a 30-minute slot to hack a computer. The contest is called PWN2OWN. The goal is, if you hack into it, you get to keep it. This year's targets were:
  • Sony VAIO VGN-TZ37CN running Ubuntu 7.10
  • Fujitsu U810 running Vista Ultimate SP1
  • MacBook Air running OS X 10.5.2
All systems were fully patched right before the contest started. The MacBook was the first to get 0wn3d, via Safari, after 10 minutes. I think the Mac will always get targeted first because it is the best prize. ;-)

I will definitely attend CanSecWest 2009. I hope to be a regular.

2008-03-04

Xterra Forums

I found a few forums dedicated to the Nissan Xterra. There seem to be a number of experienced 4x4'ers and mechanics in these forums. Searching through these forums should help me learn a lot about what to do and what not to do when fixing, upgrading, and maintaining my new Xterra.

2008-03-03

2008 Nissan Xterra Off Road

On Friday, I bought a 2008 Nissan Xterra Off Road. I've always wanted an Xterra, and my old Honda Accord is failing. I wanted a reliable and competent vehicle to take off road and spent a lot of time looking at various vehicles. In the end, I picked the Xterra because of its reputation for reliability and off road performance. I'm looking forward to some off road expeditions in the Xterra later this year.

Since a car is always a significant purchase, I took my time doing some research. I found some useful tips on CarBuyingTips.com. One recommendation was to purchase the Fighting Chance information packet. This turned out to be a good recommendation. I followed the advice in the packet, which outlines a unique process of buying a car. I ended up paying $884 under the invoice price for the Xterra.

I'll post photos soon.