Friday, March 26, 2010


Single track, super smart technical content (well, except maybe the idiot from McAfee), high quality attendees... This is a good conference.

Charlie Miller's talk on fuzzing was interesting from an analytic point of view, showing the curve that illustrates the point of diminishing returns for fuzzing and the volume of failures you will have in order to achieve a few successes (exploits). Key takeaway for vendors: keep fuzzing. A lot. Because if you don't, someone else will.

Pwn2Own was open for its usual 3 days but all the exploits were on day 1 again. iPhone was the only phone that was hacked, and three of the four browsers were hacked (IE8, Firefox, Safari). I carry an iPhone, dammit. Thinking about switching from FF to Chrome though. I doubt it is bulletproof, but if no one is targeting it because its market share is too small, I'm ok taking advantage of that security-through-obscurity for now.


Stupid Boys

I have a female coworker who is a badass tools developer. And at CanSec not only was it assumed she must not be here for the conference (female), but that she was the shiatsu massage therapist stationed at the con (Asian).

Eventually this retarded attitude at conferences has got to change. There were so many women at CanSec that Dragos ran out of ladies' jackets and had to rush order more. Speaking of which, the jackets are pretty awesome. Probably the best con swag I've gotten in my 7 years of attending security conferences.
