Bugs
CanSecWest was as interesting as always this year, although it could have been renamed MacBashWest. Sergio Alvarez demonstrated a new iPhone exploit that enabled an attacker to make the phone's stack executable. He used register values to write the address of a function call into the stack, which once executed would allow him to execute any other code pushed to the stack. However, this only worked on a jailbroken iPhone, he admitted.
Charlie Miller and Dino Dai Zovi hosted a talk in which they launched their OS X Hacking book, along with a conversion of the Meterpreter Metasploit tool for the Mac. Dai Zovi, demonstrating the heap stack exploit he'd shown previously at SOURCE Boston, drew a distinction between safety and security on the Mac, explaining that simply avoiding attacks through relatively low market share didn't make a system secure. "OS X is currently a safe operating system to use for most people, but it's not secure," Zovi said, adding that the system hadn't been updated for almost a decade in some crucial areas. "Leopard lags behind Windows Vista and Linux."
Miller, who exploited a Safari bug in minutes as part of the show's Pwn2Own contest last week, also launched an informal 'No More Free Bugs' campaign with Zovi, urging security researchers to stop giving away their bugs for free to vendors. "The last time I gave a bug away was an Android bug to Google. What I got from it was someone from Google calling my boss and asking if I was following company policy," Miller complained, adding that donating information about product vulnerabilities to vendors was also unfair on his paying clients. "Vendors, please pay us for our work," he concluded.
In other news, researchers at Inverse Path demonstrated how to use laser beams to read PC monitors and PS2 keyboard links at a distance, while others demonstrated how to break into system management mode by poisoning the CPU cache - something that would give attackers unfettered access to core computing functions.
Browsers
Microsoft shipped IE 8. Then various folks at CanSecWest hacked it (along with Firefox and Safari, to be fair).
Bureaucracy
The SEC has made some improvements in its security in the past couple of years, said a GAO report, but a lack of cohesion in its planning has made it weaker than it was before.
Northern California's high-tech crime fighting team is up and running again after the almost-bankrupt state finally passed its budget. But it won't be doing nearly as much work thanks to operational restrictions say insiders.
Backtracks
Symantec changed its policy on the Norton Safe Search search box that it had been turning on by default in the Norton toolbar. It now ships turned off out of the box, instead.
Busts
The Romanian police reportedly busted a major cybercrime ring, arresting around 20 hackers accused of operating phishing sites. They also arrested an individual suspected of hacking into US-owned web sites including those operated by NASA.
A federal grand jury indicted a tech employee for disabling oil pipeline leak detection systems off the Californian coast.