I’ve just recently returned from REcon 2012 and while I heard a couple people express that they had “heard” that some people were more disappointed with this year’s conference compared to prior ones, I personally really enjoyed it and felt it was the best one yet. I saw and enjoyed more of the lectures this year than I have in the past and seemed to have better interactions with the other conference attendees, better conversations, and generally enjoyed myself more than years past. Perhaps it was because this year Montreal wasn’t in the middle of a heat wave with no air conditioning in the hotel and the conference hotel didn’t catch fire (:
Archive for the ‘observation’ Category
Taking place over the last week was the CanSecWest 2010 security conference, with their now annual Pwn2Own contest. For those that are unfamiliar, the Pwn2Own contest presents a number of devices usually consisting of mobile or cellular devices and laptops as targets and allows contestants to attempt to compromise them in some way. These targets are patched up through the most recent vendor patches, and if a contestant is able to Pwn (compromise) the device, they get to Own (keep) it. This is always a nice publicity stunt as the contest is widely publicized by it’s sponsor, providing researchers with some fame and a prize as a bit of a return on their invested effort researching vulnerabilities and developing exploits. The Zero Day Initiative (ZDI) who sponsors the contest also offers to buy the vulnerabilities used by the winners and “responsibly disclose” them to the affected vendors, providing a bit of a cash incentive as well.
Over the past few years however, some things have drastically changed in the value and marketability of such vulnerabilities.
I recently purchased the Motorola Droid from Verizon, and am so far very happy with it. Other than finding the physical keyboard a bit lacking from being extremely spoiled by the Sidekick’s physical keyboard to which no other physical keyboard could ever hope to live up to, I’ve really had no complaints with the device or the Android 2.0 operating system that runs on it. I have however, noticed that touch-screen smart-phone unlock screens (not just the Droid’s) are getting progressively less secure.
I have long been fascinated with self-given names, and the effect they have on the entity being named. Having grown up with my roots firmly planted in the computer security underground, I regularly met and dealt with people identified only by their self-given handles (pseudonyms). I soon began to notice that many of these people seemed to embody traits and mannerisms that coincidentally aligned with the character assumptions and mental imagery that their handle’s subject-matter embodied. After a while I began to wonder, did these personal traits cause the person to name themselves in a certain way, or did naming oneself a certain name begin to manifest such corresponding traits in the individual? I’ve done some preliminary research into this subject, however I’m not quite ready to release my results… that’s a discussion for another time. Instead, today I want to comment on an observation regarding an entity of another type; a corporation.