Tag - Pwn2Own
Hackers and security researchers have earned $460,000 in total in cash prizes, for successfully attacking browsers in the regularly-held Pwn2Own competition. Successful attacks against Apple Safari, Microsoft Edge, and Google Chrome, as well as Adobe Flash, rewarded the teams behind the breaches with large sums of money, and is an indicator the ongoing battle to secure end users from online criminals isn't going to die down anytime soon.
Google's Chrome OS managed to evade all intrusion attempts during the most recent Pwnium hacking competition. While Chrome OS survived intact, Chrome the web browser joined Firefox and Internet Explorer in being shown vulnerable to attack from hackers, during the Pwn2Own contest held at the CanSecWest security conference at the same time.
Google sent word that it had already patched the Chrome exploit demonstrated in CanSecWest's Pwn2Own side contest, Pwnium. Linux, Mac, and Windows versions, along with the Chrome Frame plugin for Internet Explorer, should all be secure today. It's now known to have involved universal cross-site scripting and "bad history navigation," although wider details wouldn't be published until most users of Chrome and other WebKit-using browsers like Safari were using secure versions.
Google saw an end to a brief streak on Wednesday after CanSecWest's organizers confirmed that Chrome had been hacked during the Pwn2Own contest. Team Vupen exploited a security hole in the browser within five minutes of the contest's start. The group will be getting at least a $60,000 prize, funded partly by Google itself, as well as 32 points in the still-ongoing contest; it had already found two more vulnerabilities in software at the conference in intervening hours.
Tipping Point's Pwn2Own security contest is changing its methodology in a way that could break from "sensationalist" headlines, the company's security team lead Aaron Portnoy explained. When it takes place at CanSecWest in March, the hacking competition as explained to PC Advisor would partly switch to an on-the-spot contest where teams didn't have to have ready-made hack by the time they got to the show. It would become a form of "spectator sport" and reward teams based on the speed it takes at Pwn2Own itself, scoring based on the frequency of hacks each day.
Microsoft used a tweet to confirm that its Internet Explorer 9 Release Candidate is not affected by the browser vulnerabilities used in the Pwn2Own contest to hack IE8. IE8 was hacked using an exploit devised by Stephen Fewer of Harmony Security. Fewer's code circumvented IE8's Protected Mode which is actually supposed to isolate the browser from the OS to stop such attacks.
Security researches from the French company Vupen hacked a MacBook running Safari to win the recent Pwn2Own hacking contest this week at the CanSecWest security conference. The group discovered and exploited an unpatched vulnerability in Safari's WebKit engine. The browser was directed to a website designed to take advantage of the flaw, enabling the hackers to remotely launch the calculator application and write a file to the disk.
At the fifth annual Pwn2Own competition next week, George Hotz (Geohot) will attempt to use his hacking skills that landed him in hot water with Sony to win prizes. This year's target platform will be Windows Phone 7, though other devices and operating systems will also take part. An attack will be judged successful if little or no user (owner) interaction is required and useful data is taken or a benefit gleaned by the hacker.
TippingPoint Zero-Day Initiative this evening confirmed that the iPhone's SMS database has been compromised at the annual CanSecWest conference's Pwn2Own contest. Zynamics' Vincenzo Iozzo and the University of Luxembourg's Ralf Philipp Weinmann (pictured) used a malicious website in Safari to deliver a payload that could then upload the SMS logs to a remote site. The entire compromise took place in about 20 seconds, although crafting the hack took about two weeks.
Now AAPL Stock: 92.68 ( + 0.64 )
Apple's third-quarter results due July 26
Apple has advised it will be issuing its third-quarter results on July 26, with a conference call to answer investor and analyst queries about the earnings set to take place later that day. The stream of the call will go live at 2pm PT (5pm ET) via Apple's investor site, with the results themselves expected to be released roughly 30 minutes before the call commences. Apple's guidance for the quarter put revenue at between $41 billion and $43 billion. http://apple.co/1oi1Pbm
Twitter stickers slowly roll out to users
Twitter has introduced "stickers," allowing users to add extra graphical elements to their photos before uploading them to the micro-blogging service. A library of hundreds of accessories, props, and emoji will be available to use as stickers, which can be resized, rotated, and placed anywhere on the photograph. Images with stickers will also become searchable with viewers able to select a sticker to see how others use the same graphic in their own posts. Twitter advises stickers will be rolling out to users over the next few weeks, and will work on both the mobile apps and through the browser. http://bit.ly/29bbwUE
French show carries on with iPhones
Following a prolonged power loss in a French TV studio, the crew was able to use a combination of limited studio lighting and a number of iPhones to continue taping the Saturday episode of talk show On n'est pas couché ("We're Still Awake"), using the resulting footage in the first edited episode. The Plus-model iPhones used for the impromptu shoot completion were either iPhone 6 Plusses (which shoot in 1080p) or 6s Plus models (which can shoot in 4K). The decision to use the iPhones to complete the show was made after a power outage at France 2's studio stretched to more than three hours. http://bit.ly/299wqDt
Scrivener for iOS to arrive in late July
For some long-time Scrivener users, to quote Paul Simon, "these are the days of miracle and wonders." As it marks its 10th anniversary in business, developer Keith Blount has announced that the long-awaited iOS version of his creative-writing tool Scrivener is to be submitted to the App Store, following strong praise from beta-testers. The program, expected in late July, will sell for $20 and work with both the iPad and iPhone. When we interviewed Blount last January, he added that Scrivener 3 for Mac would follow along shorty afterwards. http://bit.ly/2901XLE
WhatsApp now handles over 100M calls daily
WhatsApp is celebrating that it is being used for over 100 million calls every day. In a brief notice, the Facebook-owned messaging platform advises the voice-calling feature it rolled out to its users last year now deals with an average of over 1,100 calls initiated per second. Earlier this year, it increased the security of its calls and other messages, by introducing end-to-end encryption on all platforms. http://bit.ly/292HqCX
Adele's '25' album now streaming
Recording artist Adele has "pulled a Kanye" after saying that her current album "25" would not be available for streaming. The seven-month-old record, which has yielded a number of hit singles, is now available for streaming on all the major streaming services, such as Apple Music and Spotify, as of today in most major markets, with worldwide distribution to come. Reportedly, the singer had demanded streaming be limited to paid subscribers -- a condition that has hurt some streamers with artists, who aren't paid royalties for free or trial listens . Apple pays performers its normal royalty rates during its free trial, avoiding the issue -- and having repeated success in both signing up exclusives and placing those exclusives into the top of the charts. http://ti.me/28U7NOu
SanDisk iXpand case has battery, storage
A new iPhone 6 and iPhone 6s case from SanDisk appears to be the "holy grail" of accessories: a stylish and protective case that offers both extra storage as well as the option of extra battery power as well. The iXpand Memory case offers either 32GB, 64GB, or 128GB of additional storage incorporated into the case, and an optional add-on battery pack (sold separately) adds up to an extra day or more of charge. Through the associated iXpand app, camera photos and videos can be automatically stored on the extra storage, optionally password-protected, The cost for the case is (in order of storage capacity) $60, $100, and $130. The battery pack's release data has not yet been announced, but the add-on should retail for an additional $30. http://bit.ly/291epHu