Black Hat hackers face off in Iron Chef style competition


Which is a better method for finding vulnerabilities, fuzzing or static-code analysis? The question will be put to the test at next month’s Black Hat USA conference, where two experienced security researchers will be given a piece of mystery code and one hour to find all the vulnerabilities they can using one of the two methods. [Charlie Miller] from Independent Security Evaluators will use fuzzing and [Sean Fay] from Fortify Software will use static-code analysis to detect the vulnerabilities in the code. We reported on [Miller]’s fuzzing talk while at Toorcon 9.

The pair will be allowed to use their own equipment, but they won’t see the code until the moment the showdown begins. For an added bit of fun, conference attendees are welcome to join in the contest. The audience member who finds the most exploits within the hour wins a free dinner at a new Las Vegas restaurant. But you don’t have to wait until then to weigh in; go ahead and post your thoughts on fuzzing vs. static-code analysis in the comments. Just be ready to back up your claims.

Pwnie awards 2008, nominations open

Nominations for the 2008 Pwnie Awards have opened. The annual event, in its second year, is accepting nominations in nine categories ranging from Mass 0wnage to Best Song. The awards will be presented at Black Hat in Las Vegas in August. Linux.com covered last year’s awards ceremony.

[photo: GNUCITIZEN]
[via trailofbits]

Upcoming events


We’re headed to Cleveland at the end of the week (we’ve heard rumors it rocks) and thought it would be good to list the events we’re planning on hitting in the next five months.

  • Notacon / Blockparty April 4-6 Cleveland, OH – This will be a first for us, but we’re definitely excited, especially for the demoscene madness at Blockparty (like Trixter’s MONOTONE PC speaker tracker).
  • ToorCon Seattle April 18-20 Seattle, WA – In its second year, this small gathering is sure to be a blast just like last year.
  • The Last HOPE July 18-20 New York, NY – Our first HOPE and the last one ever, since the hotel is being torn down.
  • Black Hat US August 2-7 Las Vegas, NV – If anything gets released this year, it’ll be here.
  • DefCon August 8-10 Las Vegas, NV – The first con we ever went to. It’s not the best con, but it’s always interesting.
  • SIGGRAPH August 11-15 Los Angeles, CA – SIGGRAPH is where you need to be if you want to see cutting edge graphics and interaction projects. It’s a favorite of ours and a nice break from computer security.

Anything we’re missing?

UPDATE: Maker Faire May 3-4 San Mateo, CA – Can’t believe we forgot it. Thanks [pt]!