The History of Social Networks

Posted by Camus on 2008-03-31 21:29:02



SOCIAL NETWORK: From USENET to TWITTER.
Keywords (Tag): history, network, social, social networking sites

Keywords from CanSecWest PWN2OWN 2008

Posted by Camus on 2008-03-31 16:26:10

CanSecWest

CanSecWest, the world's most advanced conference focusing on applied digital security, is about bringing the industry luminaries together in a relaxed environment which promotes collaboration and social networking. The conference lasts for three days and features a single track of thought provoking presentations, each prepared by an experienced professional and talented educator who is at the cutting edge of his or her field. We give preference to new and innovative material, highlighting important, emergent technologies, techniques, or best industry practices.

PWN 2 OWN

In Internet security jargon, to "pwn" means "to compromise" or "to control", specifically another computer (server or PC), web site, gateway device, or application; it is synonymous with one of the definitions of hacking or cracking. An outside party who has "owned" or "pwned" a system has obtained unauthorized administrative control of the system.

PWN2OWN 2008

Three targets, all patched. All in typical client configurations with typical user configurations. You hack it, you get to keep it.

Targets (typical road-warrior clients):
* VAIO VGN-TZ37CN running Ubuntu 7.10
* Fujitsu U810 running Vista Ultimate SP1
* MacBook Air running OSX 10.5.2



Day 1: March 26th: Remote pre-auth
All laptops will be open only for Remotely exploitable Pre-Auth vulnerabilities which require no user interaction. First one to pwn it, receives the laptop and a ,000 cash prize.
The pwned machine(s) will be taken out of the contest at that time.

Day 2: March 27th: Default client-side apps
The attack surface increases to also include any default installed client-side applications which can be exploited by following a link through email, vendor supplied IM client or visiting a malicious website. First one to pwn it receives the laptop and a ,000 cash prize.
The pwned machine(s) will be taken out of the contest at that time.

Congratulations to our first winner of the CanSecWest PWN to OWN contest!  At 12:38pm local time, the team of Charlie Miller, Jake Honoroff, and Mark Daniel from Independent Security Evaluators have successfully compromised the Apple MacBook Air, winning the laptop and ,000 from TippingPoint's Zero Day Initiative.  They were able to exploit a brand new 0day vulnerability in Apple's Safari web browser.  Coincidentally, Apple has just started to ship Safari to some Windows machines, with its iTunes update service. The vulnerability has been acquired by the Zero Day Initiative, and has been responsibly disclosed to Apple who is now working on the issue.  Until Apple releases a patch for this issue, neither we nor the contestants will be giving out any additional information about the vulnerability.  You can track the vulnerability on the Zero Day Initiative upcoming advisories page under ZDI-CAN-303.

Day 3: March 28th: Third Party apps
Assuming the laptops are still standing, we will finally add some popular 3rd party client applications to the scope. That list will be made available at CanSecWest, and will be also posted here on the blog. First to pwn it receives the laptop and a ,000 cash prize.

2:30pm PST Update: It's been two hours so far, and both Vista and Ubuntu laptops are still standing. Stay tuned...

7:30pm PST Update - Vista Laptop was Won!: Congratulations to Shane Macaulay from Security Objectives - he has just won the Fujitsu U810 laptop running Vista Ultimate SP1 after it was installed with the latest version of Adobe Flash. Not only is he the official winner of the Fujitsu laptop, but also ,000 from us. Shane received some assistance from his friends Derek Callaway (also from Security Objectives) and Alexander Sotirov. If you'll also remember, Shane Macaulay was Dino Dai Zovi's on-site team member at last year's PWN to OWN event in which they ultimately took the top prize.

The new Adobe Flash 0day vulnerability that Shane exploited has been acquired by the Zero Day Initiative, and has been responsibly disclosed to Adobe who is now working on the issue.  Until Adobe releases a patch for this issue, neither we nor the contestants will be giving out any additional information about the vulnerability.  You can track the status of the vulnerability on the Zero Day Initiative upcoming advisories page under ZDI-CAN-306.

Quick Overview:
* Limit one laptop per contestant.
* You can't use the same vulnerability to claim more than one box, if it is a cross-platform issue.
* Thirty minute attack slots given to contestants at each box.
* Attack slots will be scheduled at the contest start by the methods selected by the judges.
* Attacks are done via crossover cable. (attacker controls default route)
* RF attacks are done offsite by special arrangement...
* No physical access to the machines.
* Major web browsers (IE, Safari, Konqueror, Firefox), widely used and deployed plugin frameworks (AIR, Silverlight), IM clients (MSN, Adium, Skype, Pidgin, AOL, Yahoo), Mail readers (Outlook, Mail.app, Thunderbird, kmail) are all in scope.

Zero-Day Attack

A zero-day (or zero-hour) attack or threat is a computer threat that tries to exploit unknown, undisclosed or unpatched computer application vulnerabilities. The term Zero Day is also used to describe unknown or Zero day viruses.

Zero-day exploits are released before the vendor patch is released to the public. Zero-day exploits generally circulate through the ranks of hackers until finally being released on public forums. The term derives from the age of the exploit. A zero-day exploit is usually unknown to the public and to the product vendor.

The term zero-day can also be used to describe warez-group releases of pirated software on or before the release of the software.

black hat, white hat & cracker

A black hat is a person who compromises the security of a computer system without permission from an authorized party, typically with malicious intent. The term white hat is used for a person who is ethically opposed to the abuse of computer systems, but is frequently no less skilled. The term cracker was coined by Richard Stallman to provide an alternative to using the existing word hacker for this meaning. The somewhat similar activity of defeating copy prevention devices in software, which may or may not be legal under a country's laws, is actually software cracking.

Reference
http://dvlabs.tippingpoint.com/
http://www.wikipedia.org
http://cansecwest.com/

Song Hye-kyo Photos

Posted by Camus on 2008-03-30 23:51:52

As beautiful as ever!

Keywords (Tag): Song Hye-kyo

ThinkPad X300 vs. MacBook Air

Posted by Camus on 2008-03-30 00:28:53



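Lenovo recently ran an ad for the ThinkPad X300 laptop whose tagline, "Everything else is just hot air" ("hot air" meaning empty boasting), takes direct aim at Apple's MacBook Air.

Some keywords from the ThinkPad X300 ad: No-Compromise, 3 USB ports, integrated DVD drive

Every word lands squarely on Apple's backside.


In other news, at the hacking contest held in Canada, the MacBook Air's system was the first to be breached in the interactive setting, taking 2 minutes.

And what was Vista doing during those 2 minutes? It hadn't even finished rebooting yet! (Joke; the serious-minded may look away.)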

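Social Day, Season 1, Episode 1

Posted by Camus on 2008-03-30 00:09:56

I have decided to designate one day of every weekend as Social Day and to hold all kinds of social activities on it. Suggestions are welcome from people all over the world, regardless of gender or race.

Today, thanks to Tom's connections and Aslada's funds, we went to the Shangri-La's Yi Café (怡咖啡) for a feast. Not only did I get to eat the Peking sliced duck, custard buns and xiaolong buns I had long missed, I also wiped out every kind of dessert in one concentrated sweep. I am easy to feed and go straight for the cheap things. Ever since being buried under big seafood platters in Barcelona and Nice, shellfish and creatures with jointed legs no longer interest my stomach, though today's seafood was of quite a high standard.

Tom, steeped in pointed-toe-shoe culture, has clearly become a trendy guy. I sincerely hope he keeps his taste and does not get molded into a certain type of person.

Aslada is as youthful as ever, showing the full style of No. 14 Middle School. I look forward to her riding the wind and waves on the road of PR, so that she can soon take us to 尊雅 for an all-out feast.

After the meal I went to Decathlon to buy a pair of battle boots, then went back to Zhengda (正大) to inspect the affordable shops H&M, Zara, C&A, Esprit and UNIQLO and catch up on the latest state of the Shanghai market, and so ended a leisurely day.

Good weather is good in its own way each time; bad weather is all equally bad.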



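Even while out having fun, my heart is still with my country. Below is the most pragmatic article about Ti/bet that I have read recently, for everyone's reference:
The Cry of Tibet
Original source: http://online.wsj.com/article/SB120666008071070097.html?mod=googlenews_wsj

Today I started listening to Wang Ruolin (王若琳), recommended by Aslada; she seems somewhat interesting.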