Today starts CanSecWest 2011, in Vancouver, BC. The famous conference – which hosts the equally famous Pwn2Own contest – gathers some of the top security researchers in the World, addressing topics such as exploitation techniques (eg: the presentation on Stale Pointers by the Zynamics guys), fuzzing, gaming console security, embedded systems… Collin Mulliner will apparently elaborate on wide scale implications of his SMS-of-death attack, while Dan Kaminsky is set to wrap up ten years of security improvements…or lack thereof. The complete program is here.

Among the big names, our own FortiGuard’s researcher Haifei Li, my co-nominee for the 2010 “most innovative research” pwnie award will present his new research: Understanding and Exploiting Flash ActionScript Vulnerabilities.

For about an hour, Haifei will elaborate on the essence of ActionScript-level vulnerabilities in the ubiquitous Flash player, going into the depths of the ActionScript Virtual Machine and dissecting the Just-In-Time compiler implementation, so as to expose a general approach to exploit them, in spite of DEP and ASLR protections.

If you’re interested in Flash vulnerabilities, and are in the neck of the woods, be sure to attend his presentation on Thursday!

When The Pwnie Awards, aka the Oscars of security research, unveiled this year’s nominees on July 22, 2010, we were excited to discover that Fortinet researchers Guillaume Lovet and Haifei Li were nominated in the category of “Most Innovative Research” for their  paper “Adobe Reader’s Custom Memory Management: A Heap of Trouble.”

“Most Innovative Research” is awarded to the person(s) who published “the most interesting and innovative research in the form of a paper, presentation, tool or even a mailing list post”.

Guillaume and Haifei’s research paper dug deeply into the custom heap management of Adobe’s PDF Reader. They found that when Adobe Reader is processing a PDF file, in most allocation cases, it does not directly use the system’s heap, but maintains its own heap management system on top of the system-level heap management system. This feature provides an easier and reliable way to leverage PDF heap-based vulnerabilities.

The paper dissects the reader’s mechanisms and points out weaknesses by showing how an attacker can obtain exact EIP control in many different heap corruption situations.

On March 31, 2010, Guillaume and Haifei posted a video podcast that explained the vulnerability in detail and showed a working exploit for a PDF zero-day vulnerability. And on April 23, 2010, the two posted their Black Hat Europe 2010 presentation, as well as a whitepaper and source code, all of which can be found here.

The Pwnie Awards is an annual award ceremony that celebrates the achievements and failures of security researchers and the security community. The awards are given out once an year, and the fourth annual ceremony will take place on July 28th, 2010 in Las Vegas at the BlackHat USA security conference. This year’s esteemed judges include Dave Goldsmith, Mark Dowd, Dino Dai Zovi, HD Moore, Dave Aitel, Halvar Flake and Alexander Sotirov.

Other nominees in the category of “Most Interesting Research” include Dionysus Blazakis for his report “Flash Pointer Inference and JIT Spraying,” Joshua Mason, Sam Small, Fabian Monrose and Greg MacManus for their report “English Shellcode,” John McDonald and Chris Vasalek for their report “Practical Windows XP/2003 Heap Exploitation,” Julien Vanegue for the report “Zero-sized heap allocations vulnerability analysis” and Juliano Rizzo and Thai Duong for their report “Practical Padding Oracle Attacks.”

A complete list of award categories and nominations can be found here.