Cover photo
Dragos Ruiu
Works at inc.
Attended University of Alberta
Lived in Saskatchewan


Dragos Ruiu

Shared publicly  - 
good info
Have you ever wondered what's inside a Mac's Magsafe connector? What controls the light? How does the Mac know what kind of charger it is? This article looks inside the Magsafe connector and answers those questions. The Mags...
Alexandre Keledjian's profile photoPaul Henning's profile photo
Add a comment...

Dragos Ruiu

Shared publicly  - 
Try Googling: a long time ago in a galaxy far far away
Евгений Золотов's profile photoAlun Jones (pengfold)'s profile photoPaul Atwal's profile photoMikko Rantalainen's profile photo
And very nicely done, too. I think I must have gone too long without coffee when I wrote the above. Thank you.
Add a comment...

Dragos Ruiu

Shared publicly  - 
PWN2OWN Mobile: Daniel Komaromy (@kutyacica) and Nico Golde (@iamnion) pwned the baseband radio in a brand new Samsung S6 Edge that I unsealed from the box and updated to latest software at the conference.

The software radios on the table are pretending to be a cellphone base station - we are doing this in an isolated room deep underground where there is no cellphone coverage to interfere with and I am the only other person in the room. As soon as we power up the new phone in the presence of their attack radio, their signal patches the radio runtime software of the baseband processor (the other cpu in your cellphone that users can't access that takes care of the radio to talk to the network) so that after the patch any phone calls I make are routed to them instead of their intended destination.

I tested this after when we went to where we did have cellphone coverage by trying to dial my Japanese cellphone and it rang on Nico's cellphone instead. The modified radio software also forwarded the original number dialled so in the real world an attacker would then use a VoIP proxy to forward the call imperceptibly and listen in on it.

Ironically enough, this year at PWN2OWN we have had some of the most significant research with the smallest prizes ever, in the true spirit of security research - to reward these guys since I don't have a lavish budget I'm going to fly them and their wives, girlfriends and family to CanSecWest next year to come snowboarding/skiing after they give a technical presentation on doing security research on baseband processors and this vulnerability. (Hat tip to the Blackberry security folks who got us in touch with the right folks to get the vulnerability information to Samsung through a VP they know there.) I would like to get these guys some further reward, beyond the bragging rights for winning PWN2OWN and being the first to show a successful baseband attack, for this significant research, especially since last year we were offering $150,000 rewards for an attack like this.

These guys have been doing this work in their spare time in addition to their day jobs and have put in a significant amount of time into doing this to secure the whole industry. So if you folks know a bounty program that would be interested in these and other significant cellphone baseband radio discoveries please contact me.
Brendan Minish (bminish)'s profile photoChristian Bauer's profile photoJin Lee's profile photoJohn Bartley's profile photo
+Rachel Blum, obviously it's a deep underground hotel conference room.
Add a comment...

Dragos Ruiu

Shared publicly  - 
x86 considered harmful - invisiblethings
Intel x86 considered harmful (new paper). Oct 27, 2015 • Joanna Rutkowska. Back in summer I have read a new book published by one of the core Intel architects about the Management Engine (ME). I didn't quite like what I read there. In fact I even found this a bit depressing, even though Intel ME ...
Barbara Godin's profile photoThomas Gahr's profile photoMișu Moldovan's profile photo
That's really funny. I've always liked those guys.
Add a comment...

Dragos Ruiu

Shared publicly  - 
Good two part article about Windows appcompat cache.
Mike M's profile photo
Add a comment...

Dragos Ruiu

Shared publicly  - 
DisableWinTracking - Uses some known methods that attempt to disable tracking in Windows 10
Paul Hosking's profile photoBert Knabe's profile photoJimmy Cureton's profile photoIan Gorrie's profile photo
Reminds me of the days when crackers (crews), were highly skilled and fought for the right thing. You could look up to them, wanting to be like them - in helping people for the rightous cause.
Add a comment...

Dragos Ruiu

Shared publicly  - 
PWN2OWN bug to be fixed next week.
The Node.js Foundation revealed a denial-of-service and an out-of-bounds access issue and said the fixes will come next week
Mikko Rantalainen's profile photoOrlando Salinas Alcantara's profile photo
Add a comment...

Dragos Ruiu

Shared publicly  - 
Microsoft updated the telemetry policies/setting information and instructions for Windows 10. Generally good news and improvements.
Learn how to configure telemetry and other settings on devices running Windows 10 Enterprise or Windows 10 Education in your organization. With management controls from Group Policy to device management, and powerful imaging and deployment tools like the Windows Assessment and Deployment Kit, ...
Richard Connor's profile photoKen Barber's profile photo
I've been resisting the temptation for hours to post a snarky comment along the lines of, "and since when has Microsoft cared about what's more useful to most users?"

Oops.  I up and did it.
Add a comment...

Dragos Ruiu

Shared publicly  - 
PacSec speaker Guang Gong from Qihoo 360 just pwned my Google Project Fi Nexus 6 (which was fresh out of the box and only updated to the latest OS and apps) by having the Chrome browser visit the web server he set up on his laptop. As soon as the phone accessed the website the JavaScript v8 vulnerability in Chrome was used to install an arbitrary application (in this case a BMX Bike game) without any user interaction to demonstrate complete control of the phone. Interestingly, this was a one shot exploit that did everything in one go instead of chaining multiple vulnerabilities. Off line we also tested his exploit on some other phones and it looks like it works on many targets - so I guess the three months he put into developing it delivered results. Since we don't have any lavish prizes for him, I'm bringing him to Canada next year for some skiing/snowboarding at CanSecWest.
Andrew Brandt's profile photoKristian Hermansen's profile photoChris Cappuccio's profile photoSkip Tavakkolian's profile photo
I guess that explains how Qihoo360 is so capable of bypassing security controls to "get installed" by Chinese adware installers and not be able to be uninstalled/removed by the end user. As far as I'm concerned, his company's product is, at best, a rogue antivirus client.
Add a comment...

Dragos Ruiu

Shared publicly  - 


We are still making PacSec announcements. But first some regrets. Other than BlackBerry, which I think says something about their security team and the culture inspired there by excellent managers, now and in the past(waves), no-one has stepped up to bat for Pwn2Own Mobile. But if you remember I started this whole thing on a challenge from some macbooks, pwn them get to keep them.

Well I'm going to do the same thing. So here is a bet/challenge 2-3 weeks out from the conference. I'm going to have a WinMo phone(TBD, but something widely avail), a Project Fi edition Nexus 6, (or a 6P if it arrives in time, supposed to arrive the day I leave), an iPhone6s plus, and a Blackberry Classic (or another model if you get a hold of me in time). You pwn any of my phones on this list and you get to keep them - and the pr bragging rights. So are you going to walk away from a million bucks for your remote iOS jailbreak to weaponize for who knows who for any nefarious what, or will you get a phone, moral high-ground, and handing it over to the original vendor/developer in the process? (and probably a few tequila shots)

Oh wait, maybe we can add one more carrot - and this clever idea is Gohsuke Takama's to give due credit. In addition to handing it over to the requisite vendor. (And as mentioned Blackberry has a bounty on any vulns for their platform....) and here is where the experiment begins, because we will auction off access to the information co-incident with the vendor disclosure, at the conference, and the proceeds go to the winning team(s). Gentlemen, start your disassemblers. Contact me if you are going to participate.
If it's got buttons, it will be pwned. *We are from the future.*
Add a comment...

Dragos Ruiu

Shared publicly  - 
The Revolights Eclipse+ attach to your wheels and can be controlled with an app, smartwatch or button on your handlebars.
Paul Atwal's profile photoJames Quartly's profile photoMike Nguyen (Darwiner)'s profile photoMatthew J. Harmon's profile photo

CC: +Christoph Wickert 
Add a comment...
Stop, Think, Pwn.
Systems Rationalizer
Bragging rights
Can hover inverted. ;-)
  • University of Alberta
Basic Information
Other names
  • inc.
    engineer, 1997 - present
  • HP
  • Myrias
Map of the places this user has livedMap of the places this user has livedMap of the places this user has lived
Dragos Ruiu's +1's are the things they like, agree with, or want to recommend.
Waze Social GPS Maps & Traffic

Waze is a fun, community based mapping, traffic & navigation app. With millions of drivers from across the globe joining forces to outsmart


Threema ist eine Kurznachrichten-App mit einem besonderen Fokus auf Sicherheit. Echte Ende-zu-Ende-Verschlüsselung garantiert, dass niemand


Android version of the popular CPU identification tool for PC/Windows., CPU-Z is a free application that reports information about your devi

Demand answers and real consequences for robocall election fraud

Elections Canada just traced misleading phone calls made during the 2011 federal election to a company that worked for the Conservative Part

KB14320-How to maximize battery life and free memory on the BlackBerry s...

Maximizing Battery Power. Application Management. Multitasking - Close any running BlackBerry® smartphone applications that are not being ac

Play VOB,MKV,MTS,FLV RM,RMVB on Windows RT (Surface 8 RT included) » AMV...

Overview Micrsoft has made an important step to support the playback of MPEG-4 on Windows 8 RT and Windows 8 Pro. Windows RT has excellent s

Locus Pro

MULTI-FUNCTION TOURIST NAVIGATION Irreplaceable application for hiking, geocaching and your everyday life. Locus offers many useful features

A free and open world depends on a free and open web. | Google

A free and open world depends on a free and open Internet. Governments alone, working behind closed doors, should not direct its future. The

There's a New Way to Own a Piece of Facebook Before Its IPO

If you're looking to invest in Facebook before its IPO but not privy to the secondary markets where shares of the company have been trad


Off-road GPS navigator with offline maps support, compass and track recording. Use offline maps and GPS even without an internet connection.

Vancouver Riot: Psychology (Not Hooligans) Is Responsibile for the Chaos...

As I sat at home watching the Vancouver riots unfold in front of me, I was amazed at how ill-informed the newscasters and on-site reporters