Copyright © 2016
Tag - Pwn2Own
Google's Chrome OS managed to evade all intrusion attempts during the most recent Pwnium hacking competition. While Chrome OS survived intact, Chrome the web browser joined Firefox and Internet Explorer in being shown vulnerable to attack during the Pwn2Own contest, held at the CanSecWest security conference at the same time.
Google sent word that it had already patched the Chrome exploit demonstrated in CanSecWest's Pwn2Own side contest, Pwnium. Linux, Mac, and Windows versions, along with the Chrome Frame plugin for Internet Explorer, should all be secure today. It's now known to have involved universal cross-site scripting and "bad history navigation," although wider details wouldn't be published until most users of Chrome and other WebKit-using browsers like Safari were using secure versions.
Google saw an end to a brief streak on Wednesday after CanSecWest's organizers confirmed that Chrome had been hacked during the Pwn2Own contest. Team Vupen exploited a security hole in the browser within five minutes of the contest's start. The group will be getting at least a $60,000 prize, funded partly by Google itself, as well as 32 points in the still-ongoing contest; it had already found two more vulnerabilities in software at the conference in intervening hours.
TippingPoint's Pwn2Own security contest is changing its methodology in a way that could break from "sensationalist" headlines, the company's security team lead Aaron Portnoy explained. When it takes place at CanSecWest in March, the hacking competition, as explained to PC Advisor, would partly switch to an on-the-spot contest where teams didn't have to have a ready-made hack by the time they got to the show. It would become a form of "spectator sport" and reward teams based on their speed at Pwn2Own itself, scoring based on the frequency of hacks each day.
Microsoft used a tweet to confirm that its Internet Explorer 9 Release Candidate is not affected by the browser vulnerabilities used in the Pwn2Own contest to hack IE8. IE8 was hacked using an exploit devised by Stephen Fewer of Harmony Security. Fewer's code circumvented IE8's Protected Mode, which is supposed to isolate the browser from the OS to stop such attacks.
Security researchers from the French company Vupen hacked a MacBook running Safari to win the recent Pwn2Own hacking contest this week at the CanSecWest security conference. The group discovered and exploited an unpatched vulnerability in Safari's WebKit engine. The browser was directed to a website designed to take advantage of the flaw, enabling the hackers to remotely launch the calculator application and write a file to the disk.
At the fifth annual Pwn2Own competition next week, George Hotz (Geohot) will attempt to use the hacking skills that landed him in hot water with Sony to win prizes. This year's target platform will be Windows Phone 7, though other devices and operating systems will also take part. An attack will be judged successful if little or no user (owner) interaction is required and useful data is taken or a benefit gleaned by the hacker.
TippingPoint Zero-Day Initiative this evening confirmed that the iPhone's SMS database has been compromised at the annual CanSecWest conference's Pwn2Own contest. Zynamics' Vincenzo Iozzo and the University of Luxembourg's Ralf Philipp Weinmann (pictured) used a malicious website in Safari to deliver a payload that could then upload the SMS logs to a remote site. The entire compromise took place in about 20 seconds, although crafting the hack took about two weeks.
Apple to open R&D center in India
A new report says that Apple will be opening a new technology center in Hyderabad, India, helping to boost the city's growing reputation as a tech center. The facility would operate within the WaveRock facility, and create 4,500 new jobs at a cost of around $25 million. In 2015, India surpassed the $1 billion in yearly sales milestone, and Apple has recently received permission to open retail stores in the country under its own control, an exception to rules that usually block foreign ownership. http://zd.net/1SMBVu4
Google killing Picasa starting May 1
Google Photos head Anil Sabharwal confirmed in a blog post today that the search engine giant will be shutting down acquisition Picasa. Support and downloads for the desktop application will terminate on March 15 with the application continuing to work for the time being. The transition to Google Photos truly commences on May 1, with deprecation of some Picasa API calls happening shortly thereafter. Users that have Google Photos access will find their photos already migrated. A mass-download tool for users not wishing to use Google Photos will be available sometime after May 1. http://bit.ly/1SmV2KH
Rogue Amoeba Piezo updated, departing App Store
In order to continue working on audio capture tool Piezo, developer Rogue Amoeba has simultaneously updated the app to version 1.5, and announced that it will pull version 1.2.6 from the Mac App Store. Customers who own the Mac App Store version have a one-time migration process to the Rogue Amoeba-served version. The company notes that the sandboxing restriction placed on Mac App Store versions "effectively stopped our ability to upgrade Piezo in any meaningful way." [8.80MB] http://bit.ly/1PIjz7l
FCC spectrum auction will happen without Google
After throwing its hat in earlier, Google (and associated companies) has declared that it is not participating in this year's FCC spectrum auction. A company spokeswoman said of the auction that "like all those interested in improved connectivity and equitable access, we'll be following the upcoming spectrum auction closely. That said, we have not filed to participate." http://on.recode.net/1oy5LWk
iPad Air 3, iPhone 5se sold Friday after launch?
Reports are circulating that Apple will revert to the way it released products a decade ago, with new products revealed at a March announcement going on sale the Friday immediately following the unveil. Slated to appear at a conjectural Tuesday, March 15 event are a new Apple four-inch phone with more up-to-date internals, currently referred to as the iPhone 5se, and a new iPad Air 3 model with Smart Connector and other enhancements. http://bit.ly/1o7mqiY
Lexmark prevails in toner import appeal
Printer manufacturer Lexmark has won an appeal on the third-party US resale of its printer cartridges originally destined for markets outside North America. The appeals court ruled in a 10-2 vote in favor of Lexmark's demand to stop the sale and against Impression Products, both on the toner cartridge resale matter, as well as a related matter regarding overturning the reseller's refilling one-use cartridges and selling those in the US market. The ruling has ramifications in the tech industry, as well as the pharmaceutical and medical technology markets. Impression Products promises an appeal before the Supreme Court. http://reut.rs/1SLVmmG
AT&T expands BOGO promo to iPhone 6s
Beginning today, new and existing AT&T customers can purchase a new iPhone 6s and get another one free when adding a second line. Over the weekend, customers must purchase two phones through AT&T Next (one can be an existing number), and add both phones to a qualified plan. AT&T notes that "after three bill cycles or less" the account will start to receive up to $650 spread out over 30 monthly bill credits to offset the cost of the installment plan for the phone. Taxes are due at time of sale. http://soc.att.com/1SLUP4k