Final Speaker Lineup for CanSecWest 2009 (March 18-20): =============================================== The Smart-Phones Nightmare - Sergio 'shadown' Alvarez Getting into the SMRAM: SMM Reloaded - Loíc Duflot Network design for effective HTTP traffic filtering - Jeff "rfp" Forristal, Zscaler Ninja Scanning - Fyodor, Insecure.org On Approaches and Tools for Automated Vulnerability Analysis - Tanmay Ganacharya & Nikola Livic & Abhishek Singh & Swapnil Bhalode & Scott Lambert, Microsoft Kicking It Old School: No DNS Packets Were Harmed In The Making Of This Presentation - Dan Kaminski, IOActive Binary Clone Wars: Software Whitelisting for Malware Prevention and Coordinated Incident Response. - Shane Macaulay, Sean Comeau, and Derek Callaway, Security Objectives .NET Rootkits - Erez Metula The Evolution of Microsoft's Exploit Mitigations - Matt Miller and Tim Burrell, Microsoft An overview of the state of videogame console security. - Victor Muñoz A Look at a Modern Mobile Security Model: Google's Android - Jon Oberheide Bug classes we have found in *BSD, OS X and Solaris kernels - Christer Oberg and Neil Kettle, Convergent Network Solutions Multiplatform Iphone/Android Shellcode, and other smart phone insecurities - Alfredo Ortega and Nico Economou, Core Platform-independent static binary code analysis using a meta-assembly language - Sebastian Porst & Thomas "halvar" Dullien, zynamics Persistent BIOS Infection - Anibal Sacco & Alfredo Ortega, Core Decompiling Dalvik and other JavaFX - Marc Schoenefeld Automated Real-time and Post Mortem Security Crash Analysis and Categorization - Jason Shirk & Dave Weinstein, Microsoft SSL, The Sequel: MD5 collisions and EV certificates - Alexander Sotirov & Mike Zusman Exploiting Unicode-enabled software - Chris Weber Chinese Infosec & Malware Overview - Wei "icbm" Zhao, 365menshen Hacking Macs for Fun and Profit - Dino Dai Zovi & Charlie Miller ...and a variety of lightning talks... Security Masters Dojo courses (March 14-17): ==================================== Metasploit: Asymmetric Warfare - H D Moore, BreakingPoint Systems Advanced Honeypots - Thorsten Holz IPv6 Network Security - Nico Fishbach & Guillaume Valadon, COLT & CNRS Ultimate Web Hacking (One Day Edition) - Mike Andrews, Foundstone TCP/IP Network Security In Depth - Andrea Barisani, inverse path Effective Fuzzing using the Peach Fuzzing Platform - Michael Eddington, Leviathan Security Secure Java Programming and Auditing - Marc Schoenefeld Practical 802.11 WiFi (In)Security - Cédric Blancher, EADS Q/SSE Qualified/ Software Security Expert Certification Bootcamp - Security University Q/SA Qualified Security Analyst Penetration Tester - Security University Advanced Linux Hardening - Andrea Barisani & Jay Beale, inverse path & Intelguardians Physical Security and Lock Technology - Deviant Ollam The Exploit Laboratory - Advanced Edition - Saumil Shah, Net-Square Mastering the Network with Scapy - Phillipe Biondi, EADS Pwn2Own Contests: ================ There will be TWO Pwn2Own contests this year. Generous cash prize(s) for exploits will be sponsored by Tipping Point, and a Sony VAIO P fresh from Japan and a new loaded Apple Macbook will be amongst the prizes. The targets this year will be mobile smart-phones, and browsers. Mobile targets: iPhone Android Symbian RIM/BlackBerry Windows Mobile Browser Targets: IE8 FF3 Safari Opera The contest will like in previous years feature a progressively expanding attack surface over the three day duration of the conference. Final prizes and rules will be announced shortly. Post-Conference Whistler Expedition: ============================= We have secured some rooms at good rates at the Westin in Whistler and reserved a cluster of four, 3-5 bedroom, cabins for the weekend after the conference. Contact dr@kyx.net if you wish to be included in the planning, final accommodation rates will be announced shortly. Conference Hotel Block: =================== The room rates at the Sheraton Wall Center hotel where the conference is being held have been reduced from $183 to $169, and still includes a waived $15/day free internet access in the rate. Tenth Anniversary Gala Event: ======================== Since this is our tenth anniversary for the conference, we will be having a party on Thursday night. Venue TBD. We're pretty sure there will be a cake. No word yet on whether there will be dancers inside it. ;-) Day-Care Facilities will be available: ============================= As a nod to the shifting demographic of early gen. security researchers we will be trying a new experiment this year and we will be providing day-care facilities for those traveling with kids. We will try to arrange some group discounts with our provider once we know how many kids and what ages and times will have to be accommodated. If you are interested in this service please send a note to yuriko@secwest.com and let her know ages and times. We will try to get them started on exploit writing courses for pre-schoolers :-). Does this mean we are all grown up now? It promises to be another fun conference again this year. See you all there. cheers, --dr -- World Security Pros. Cutting Edge Training, Tools, and Techniques Vancouver, Canada  March 16-20 2009  http://cansecwest.com pgpkey http://dragos.com/ kyxpgp _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/