Best Talk: Exploiting Embedded Systems by Barnaby Jack.
He presented his finding on taking a null pointer vulnerability to the next level by allowing code execution. Traditionally, null pointer vulns were overlooked because it would result in a denial of service. He showed how a D-Link router with the latest firmware, password enabled, and telnet disabled can be exploited into a password-less, telnet enabled device!
Moment that reminded me of the movie Sneakers: Eating lunch on the rotating top floor.
I had a great view into this office, and with my 200mm lens, I could see the content on the monitors.
“PWN2OWN” just got bigger: Tipping Point gives a $10k incentive for an apple hack.
The additional incentive is probably working, as I saw a few more people attempt to break in, and these guys seem to be working hard on something.
Honorable Mention: Lightning talks on the ANI vulnerability.
HD Moore presented his timetable on the exploit, and then Mike Reavey from Microsoft talked on the patch timetable.
If a presenter went over the five minutes allocated for the talk, the gong would be hit.