Wednesday, November 26, 2014
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
Europe Wants Right-to-be Forgotten to Go Globally
Far Cry 4 Game Available For Free With Purchase of 840 EVO SSD
UK Music Industry Seeks For New Tax on CD Copying
Samsung's DeepSort Sorting Engine Prevails In Benchmarks
Sony Plans E-Paper Watch: report
HP Reports Fiscal 2014 Full-Year and Fourth Quarter Results
Hitachi Wearable Device Monitors Brain Functions
Hitachi Technology Stores Digital Data In 100 Recording Layers, Data Can be Stored For 300 million Years
Active Discussions
Hi All!
cdrw trouble
CDR for car Sat Nav
DVD/DL for Optiarc 7191S at 8X
Copied dvd's say blank in computer only
Made video, won't play back easily
New Features In Firefox 33
updated tests for dvd and cd burners
 Home > News > General Computing > Pwn2Own...
Last 7 Days News : SU MO TU WE TH FR SA All News

Thursday, March 13, 2014
Pwn2Own Hacking Contest Win Record $400K So Far


The first day of Pwn2Own 2014 saw successful attempts by five entrants against five products including Internet Explorer, Firefox, and Adobe Flash and Reader. The result was payouts of $400,000 to researchers in the main competition and $82,500 to charity in the Pwn4Fun sponsors-only event.

At Pwn4Fun, Google delivered a very impressive exploit against Apple Safari launching Calculator as root on Mac OS X. Hewlett-Packard's ZDI (Zero Day Initiative) presented a multi-stage exploit, including an adaptable sandbox bypass, against Microsoft Internet Explorer, launching Scientific Calculator (running in medium integrity) with continuation. Combined, the two efforts raised $82,500 for the Canadian Red Cross, the charity agreed upon by both sponsors.

A team from Vupen, a French vulnerability research firm, ended Wednesday $300,000 richer, having hacked Adobe Flash, Adobe Reader, Firefox, and IE11 for a one-day foursome.

To attack Adobe Flash, they exploited a use-after-free vulnerability with an IE sandbox bypass, which resulted in code execution.

"Use-after-free" is a term for a type of memory management bug.

Against Adobe Reader, they demonstrated a heap overflow and PDF sandbox escape, resulting in code execution.

A "sandbox" is an anti-exploit technology deployed by some software that is designed to isolate an application so that if attackers do find a vulnerability in the code, they must "escape" the sandbox, to execute their malicious code on the machine.

Microsoft Internet Explorer's sandbox was bypassed due to a use-after-free vulnerability causing object confusion in the broker.

"Broker" is the label for the part of the sandbox that acts as the supervisor for all protected processes.

Vupen researchers also hit Mozilla's Firefox by taking advantage of a use-after-free flow resulting in code execution.

Researchers Mariusz Mlynski and Jri Aedla atacked Firefox, with each winner picking up $50,000 for their exploit.

Pwn2Own continues today, with researchers slated to tackle Apple's Safari and Google's Chrome, as others take additional attempts at Adobe Flash, Firefox and Internet Explorer.

Also yesterday, Google ran its own one-day "Pwnium 4" contest at CanSecWest, pitting researchers against Chrome OS. A researcher has successfully exploited Chrome OS on an HP Chromebook 11, winning the notebook and a $150,000 prize.




Previous
Next
Google Offers 1TB Of Cloud Storage For $10        All News        European Parliament Approves Common Mobile Charger Plan
Google Offers 1TB Of Cloud Storage For $10     General Computing News      Apple Patent Hints On Health-related Wearable Device

Get RSS feed Easy Print E-Mail this Message

Related News
Windows Phone, Android Targeted At Mobile Pwn2Own 2014
Amazon Fire Phone, iPhone, Nexus 5, Samsung S5, "Attacked" At Mobile Pwn2Own
Hackers Hit US Postal Service
Home Depot Says About 53 million Email Addresses Stolen in Recent Breach
China Denies Apple's iCloud Hack Allegations
iSIGHT Discovers Windows Server Vulnerability Used in Russian Cyber-espionage Campaign
JPMorgan Hack Is Among Biggest Breaches in History
Hackers Exploit 'Shellshock' Cyber Thread
JPMorgan Servers Hacked in June
Health Data Stolen in Cyber Attack from China
Hackers Stole Over 1 Billion Records
Hackers Can Use USB Devices in Attacks

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2014 - All rights reserved -
Privacy policy - Contact Us .