CanSecWest, touted as the world’s most advanced conference focusing on applied digital security, is about bringing the industry luminaries together in a relaxed environment which promotes collaboration and social networking. The conference lasts for three days and features a single track of thought provoking presentations, each prepared by an experienced professional and talented educator who is at the cutting edge of his or her field. We give preference to new and innovative material, highlighting important, emergent technologies, techniques, or best industry practices.
This year the competition had 2  main technology targets. In keeping with tradition the first portion of the event attempted to bring to light the current security posture of market-leading web browser and operating system pairings. The multifaceted web browser continues to occupy a critical presence on the client-side attack surface. As Adobe, Google, and an estimated 30 other companies affected in the Aurora incident can attest to, the security posture of these products merits a yearly public evaluation by the research community at large.

The second portion of Pwn2Own 2010 offers bounties for vulnerabilities affecting mobile phones. The increased presence and capabilities of smart phones has brought with it the same security issues and attention traditionally reserved for non hand-held platforms. Vulnerabilities in parsing media, dynamic web content, e-mail, and other client-side issues have been published in the past. Additionally, many of the communication protocols that mobile phones implement are the focus of a burgeoning field of security research (ex: Lackey/Miras, Langlois, Bailey). The data stored and communicated across these devices is increasing in value to attackers.

Winners So far:

Vincenzo Iozzo and Ralf Philipp Weinmann succeeded in exploiting the iPhone in the first time slot. They exploited a Safari vulnerability with a payload which retrieved the text messages from the device.

Charlie Miller (Twitter: 0xcharlie) competed successfully for the third year in a row, taking home the MacBook Pro via a Safari exploit which delivered a full command shell payload.

Peter Vreugdenhil (Twitter: WTFuzz) succeeded against Internet Explorer 8 on Windows 7 64bit taking home the HP Envy Beats. His exploit was quite impressive from a technical impressive, bypassing all the anti-exploitation features.

Nils from MWR InfoSecurity (Twitter: MWRLabs) closed out the day with the successful of Firefox on Windows 7 taking home the Sony Vaio. He utilized the quintessential calc.exe launching payload.

The remaining registered competitor is scheduled against the Nokia but is currently missing in action.

As the luck of the draw would have it Nils on Safari, MemACCT on IE 8 and Anonymous on iPhone lost their time slots as the prizes had already been claimed. Their vulnerabilities are still eligible for submission through the Zero Day Initiative.

Google Chrome remains untested and the last browser standing as of Day 2.

via CanSecWest Applied Security Conference: Vancouver, British Columbia, Canada.

Apple has unveiled a “Countdown to 10 Billion Songs” promotion via the iTunes Store, offering the contest winner a prize of a $10,000 iTunes gift card. A counter on the main iTunes Store page and Apple’s home page currently displays in excess of 9.9 billion downloads.

According to the official contest rules, participants may make up to 25 entries per day either by purchasing/downloading songs from the iTunes Store or by filling out an entry form on Apple’s web site. The contest begins today and ends once the 10-billion-song milestone is reached.

The prize will be awarded for the entry (either through a song download or through the non-purchase online entry) sent immediately following the download of the 9,999,999,999th song. The potential winner will be determined by the order of the entries received. In the event that more than one entrant would be a winner based on the simultaneous timing of entries, one entrant will be randomly selected from those entrants as the winner. Each entrant’s chances of winning are dependent upon the number of eligible entries received.

Apple has offered similar contests in the past, such as its One Billion Song contest in 2006 and a One Billion App contest last year.

Check it out on Fox Glee Website

What do you think of this new way to scout talent? And of course, if you audition let us know your experience, especially if you get a call back or would that be a ping back?