
Charlie Miller

CORE-2011-0919: Apple OS X Sandbox Predefined Profiles Bypass

no-network profile may have access to network resources through the
use of Apple events to invoke the execution of other applications not
directly restricted by the sandbox.

It is worth mentioning that a similar issue was reported by Charlie
Miller in his talk at Black Hat Japan 2008 [2]. He mentioned a few
processes sandboxed by default as well as a method to circumvent the
protection. Sometime after the talk, Apple modified the mentioned
profiles by restricting the use of Apple events but did not modify the
generic profiles.


[HITB-Announce] Reminder: HITB2012AMS Call For Papers Closing Soon

accommodation for 3 nights / 4 days and travel expense reimbursement up
to EUR1200.00 per speaking slot.

Your submission will be reviewed by The HITB CFP Review Committee:

Charlie Miller, Principal Research Consultant, Accuvant Labs
Katie Moussouris, Senior Security Strategist, Microsoft
Itzik Kotler, Chief Technology Officer, Security Art
Cesar Cerrudo, Chief Technology Officer, IOActive
Jeremiah Grossman, Founder, Whitehat Security
Andrew Cushman, Senior Director, Microsoft

Hackito Ergo sum // HES2012 Final CFP // Call for Hackers

* Pedram Amini @pedramamini
* Erik Cabetas (Include Security)
* Dino A. Dai Zovi (Trail Of Bits) @dinodaizovi
* Alexander Sotirov @alexsotirov
* Barnaby Jack (McAfee) @barnaby_jack
* Charlie Miller (Accuvant) @0xcharlie
* David Litchfield (Accuvant) @dlitchfield
* Lurene Grenier (Harris) @pusscat
* Alex Ionescu @aionescu
* Nico Waisman (Immunity) @nicowaisman
* Philippe Langlois (P1 Security, TSTF, /tmp/lab) @philpraxis

[HITB-Ann] Reminder: HITB2010 Malaysia Call for Papers Closing August 9th

Each non-resident speaker will receive accommodation for 3 nights / 4
days at the Crowne Plaza Mutiara and travel reimbursement up to USD 1,200.00

Your papers will be reviewed by the HITB CFP Review Board which includes:

Charlie Miller  (Principal Analyst, Independent Security Evaluators)
Jeremiah Grossman       (Founder, Whitehat Security)
Red Dragon Thanh        (THC, VNSECURITY, Intel Corp)
Mark Curphey    (Director, Microsoft Corp)
Cesar Cerrudo   (Founder / CEO ArgenISS)
Saumil Shah     (Founder CEO Net-Square)

[oCERT-2009-002] OpenCORE insufficient bounds checking during MP3 decoding

Android with change 8815


Credit: Initial vulnerability report and sample crasher provided by
        Owen Arden <owen@securityevaluators.com> and
        Charlie Miller <cmiller@securityevaluators.com>.
        Thanks to PacketVideo for the comprehensive analysis and
        patching.


CVE: CVE-2009-0475

[SECURITY] [DSA 2099-1] New OpenOffice.org packages fix arbitrary code execution

Vulnerability  : buffer overflows
Problem type   : local (remote)
Debian-specific: no
CVE ID         : CVE-2010-2935 CVE-2010-2936

Charlie Miller has discovered two vulnerabilities in OpenOffice.org
Impress, which can be exploited by malicious people to compromise a
user's system and execute arbitrary code.

   1) An integer truncation error when parsing certain content can be
   exploited to cause a heap-based buffer overflow via a specially

Hackito Ergo Sum 2011 - Call For Paper - HES2011 CFP

* Pedram Amini (ZDI) @pedramamini
* Erik Cabetas
* Dino A. Dai Zovi (Trail Of Bits) @dinodaizovi
* Alexander Sotirov @alexsotirov
* Barnaby Jack (IOActive) @barnaby_jack
* Charlie Miller (SecurityEvaluators) @0xcharlie
* David Litchfield (V3rity Software) @dlitchfield
* Lurene Grenier (Harris) @pusscat
* Alex Ionescu @aionescu
* Nico Waisman (Immunity)  @nicowaisman
* Philippe Langlois (P1 Security, TSTF, /tmp/lab) @philpraxis

ZDI-09-023: Apple OS X ATSServer Compact Font Format Parsing Memory Corruption Vulnerability

2009-03-19 - Vulnerability reported to vendor
2009-05-13 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
    * Charlie Miller, Independent Security Evaluators

-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.

CanSecWest 2008 Mar 26-28

Mobitex network security - olleB, toolcrypt.org

Peach Fuzzing - Michael Eddington, Leviathan

Fuzz by Number - Charlie Miller, Independent Security Evaluators

Fuzzing WTF? What Fuzzing Was, Is And Never Will Be. - Frank Marcus
and Mikko Varpiola, Wurldtech / Codenomicon

Vulnerabilities Die Hard - Kowsik Guruswamy, Mu

ZDI-08-022: Apple Safari WebKit PCRE Handling Integer Overflow Vulnerability

2008-03-27 - Vulnerability reported to vendor
2008-04-16 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
    * Charlie Miller, Jake Honoroff and Mark Daniel

-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents 
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.

[oCERT-2009-014] Android denial-of-service issues

Android 1.5 CBDxx, CRCxx and COCxx (where xx are digits)

Dalvik API DoS:
Android >= Donut DRC79

Credit: Charlie Miller, Collin Mulliner (malformed SMS DoS). Emmanouel
        Kellinis, KPMG London (Dalvik API DoS).

CVE: CVE-2009-2999 (malformed SMS DoS)

Timeline:

CanSecWest 2010 CALL FOR PAPERS (deadline Nov 30, conf. Mar22-26) and PacSec (Nov 4/5) Selections

Keynote Presentation November 4: Mitsugu Okatani, National Information Security Center / Ministry of Defense / Japan Air Self-Defense Force
Keynote Presentation November 5: Hideaki Kobayashi, Information Technology Promotion Agency
Virtualisation security and the Intel privilege model - Tavis Ormandy & Julien Tinnes, Google
Silicon Chips: No More Secrets - Karsten Nohl
Filter Resistant Code Injection on ARM - Yves Younan, University of Leuven
iPhone SMS Fuzzing and Exploitation - Charlie Miller, Independent Security Evaluators
The Microsoft View of the 2008 Threat Landscape - Tony Lee, Microsoft
Cloud Defense in the Post-BotWar Era - Ikuo Takahashi
The Android Security Story: Challenges and Solutions for Secure Open Systems - Rich Cannings & Alex Stamos, Google, iSec Partners
Stealthy Rootkit : How malware fools live memory forensics - Tsukasa Ooi, Livegrid
Defending a Social Network - Alex Rice, Facebook

Conference on Cyber Conflict: speakers selected!

Stuart Starr, US National Defence University

Amit Yoran, NetWitness

Charlie Miller, Independent Security Evaluators

Julie Ryan, George Washington University

Richard Favier, BreakingPoint Systems


ZDI-10-076: Apple Preview libFontParser SpecialEncoding Remote Code Execution Vulnerability

2010-03-26 - Vulnerability reported to vendor
2010-04-14 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
    * Charlie Miller

-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents 
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.

NATO CCD COE's 3rd International Conference on Cyber Conflict. 7-10 June, Tallinn, Estonia.

Luc Dandurand, NATO C3 Agency - Rationale and Blueprint for a Cyber Red Team Within NATO
Sachin Deodhar Cyberconflict Researcher, India  - Terrorism and covert channels
Keren Elazari, Verint Systems - APT Forensic
Mikko Hypponen Chief Research Officer, F-Secure - Cyber espionage in practice
Ralph Langner, Langner Communications GmbH, The first deployed cyber weapon in history: Stuxnet’s architecture and implications
Charlie Miller, Independent Security Evaluators - Anti-exploitation techniques
Ruslan Smelyanskiy, Moscow State University - TBD
Tom Wingfield and/or Mike Schmitt  - Manual of International Law Applicable for Cyber Conflict
Major General Jonathan Shaw, UK MoD -  Cyber Force From a Nation State Perspective
Charl van der Walt, Sensepost - TBD
Amit Yoran, NetWitness - The Failure of Cyber Forces

[HITB-Announce] HITB2011AMS -- Call For Papers now Open

to EUR1200.00.

Your submission will be reviewed by The HITB CFP Review Committee which
includes:

Charlie Miller    (Principal Analyst, Independent Security Evaluators)
Jeremiah Grossman (Founder, Whitehat Security)
Red Dragon Thanh  (THC, VNSECURITY, Intel Corp)
Mark Curphey      (Director, Microsoft Corp)
Cesar Cerrudo     (Founder / CEO ArgenISS)
Saumil Shah       (Founder CEO Net-Square)

ZDI-11-109: (Pwn2Own) Apple Safari OfficeArtBlip Parsing Remote Code Execution Vulnerability

2011-03-09 - Vulnerability reported to vendor
2011-03-22 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
    * Charlie Miller and Dion Blazakis

-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents 
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.

[HITB-Announce] REMINDER: HITB2011 - Malaysia Call for Papers Closes on the 15th

# WLAN, GPS, HAM Radio, Satellite, RFID and Bluetooth Security

Your submission will be reviewed by The HITB CFP Review Committee which
includes:

Charlie Miller    (Principal Analyst, Independent Security Evaluators)
Jeremiah Grossman (Founder, Whitehat Security)
Red Dragon Thanh  (THC, VNSECURITY, Intel Corp)
Mark Curphey      (Director, Microsoft Corp)
Cesar Cerrudo     (Founder / CEO ArgenISS)
Saumil Shah       (Founder CEO Net-Square)

[HITB-Announce] Reminder: HITB2011AMS - Call for Papers closes on the 18th of Feb

travel expenses up to EUR1200.00.

Your submission will be reviewed by The HITB CFP Review Committee which
includes:

Charlie Miller    (Principal Analyst, Independent Security Evaluators)
Jeremiah Grossman (Founder, Whitehat Security)
Red Dragon Thanh  (THC, VNSECURITY, Intel Corp)
Mark Curphey      (Director, Microsoft Corp)
Cesar Cerrudo     (Founder / CEO ArgenISS)
Saumil Shah       (Founder CEO Net-Square)



Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
