CanSecWest, chrome 0-days, breaking the Blackberry fortress
CanSecWest was fun, met a lot of people researchers, consultants and customers. Lot of them came to hear good quality lectures and I believe they have found them.
Quite a few came to see the buzz around Pwn2Own and I don’t think they could have missed the shouts of victory and the press eagerly interviewing them after their triumphant wins. I also had a chance to meet a few of our SSD researchers which shared some thoughts on the Pwn2Own even highligting the fact that 15K isn’t that much anymore for a IE8 vulnerability that can bunk its protected mode, or get you elevated privileges on the Chrome browser – I have to agree on that. This probably means there are a few chrome 0-days out there, but they are simply being sold for larger amounts of money.
Also got a chance to talk to a few of the mobile researchers that were quite impressed with the BlackBerry find, highlighting how ground breaking that was, as being the first publicly done and documented breach into the BlackBerry “fortress” – I am not sure if it is in fact the first one but it was impressive none-the-less.
For all those that came and talked to us in our booth about the SecuriTeam Secure Disclosure, just in case you didn’t write it down, the way to reach our program is by emailing SSD@beyondsecurity.com, we also offer our existing researchers a 1,000 USD bring-a-friend offer – if you need more details email me.