MetalMime

The year every web browser went down


Pwn2Own 2015: The year every web browser went down

Every major web browser showed up, every web browser got hacked

The 2015 edition of Pwn2Own is over. Participants discovered an incredible 21 critical bugs, resulting in a combined payout of $557,500.

Almost half of the money went to Jung Hoon Lee, aka lokihardt, who demonstrated a nasty attack against Chrome. His hack started with a buffer overflow race condition and then, to break out of the security sandbox that’s supposed to keep exploits from spilling over to Windows, executed attacks against two separate Windows kernel drivers. By the time the dust had settled, Lee had gained full system-level access.

That was enough to make him $110,000 richer. He earned $75,000 for breaking into Chrome, $25,000 for escalating to a system-wide attack, and $10,000 for proving the attack works against both the stable and beta versions of the browser.

Source:

http://www.zdnet.com/article/pwn2own-2015-the-year-every-browser-went-down/

http://www.digitaltrends.com/computing/hacker-earns-225000-at-pwn2own-2015/


Guitar Zero... Great use of time. You Don't Shred on 5 Buttons !!


Interesting, I stopped using Chrome and Google as a search engine a while ago. Is the situation the same with Safari (mac) and Firefox (win and mac)?


The moral of this story is that you must always update Windows, web browsers, and Adobe programs as soon as patches become available. Security, as the saying goes, isn't a product, it's a process.


Guitar Zero... Great use of time. You Don't Shred on 5 Buttons !!


Flash and Java are the worst offenders, although to be fair it's largely because every browser uses them, so it's a mandatory target for hackers.

As far as browsers go, Safari is probably one of the safer ones because it's unpopular, meaning the average hacker wouldn't have as much experience/knowledge about it to exploit its vulnerabilities.

A good firewall, A/V and safe browsing habits are probably a good idea too. And you'd also be surprised with the damage that can be done from your wifi if you let somebody in that you can't trust 100%. A lot of people are running packet sniffers and all sorts of other crap on jailbroken androids/smartphones. In fact probably don't use your smartphone for anything involving passwords in public hotspots either.


AKA battery

mazte wrote:

> Flash and Java are the worst offenders, although to be fair it's largely because every browser uses them, so it's a mandatory target for hackers.
>
> As far as browsers go, Safari is probably one of the safer ones because it's unpopular, meaning the average hacker wouldn't have as much experience/knowledge about it to exploit its vulnerabilities.
>
> A good firewall, A/V and safe browsing habits are probably a good idea too. And you'd also be surprised with the damage that can be done from your wifi if you let somebody in that you can't trust 100%. A lot of people are running packet sniffers and all sorts of other crap on jailbroken androids/smartphones. In fact probably don't use your smartphone for anything involving passwords in public hotspots either.

Thanks Mazte, I'm on Safari, most of the time with VPN and Little Snitch on, so I guess I'm pretty solid.

BTW it is time to stop using Flash, here is how to uninstall it: http://appleinsider.com/articles/15/07/13/its-time-to-uninstall-adobes-flash-from-your-mac---heres-how

AND if you are interested in encrypted emails, here, just started new service tutanota.com

negative_energy wrote:

> To uninstall Flash from a MAC, I'd just throw the MAC out the window ;-)
>
> (Sorry I couldn't resist!)

What's wrong with mac?


Firefox is Frying Flash By Default

It hasn’t been a good week for Adobe. In the wake of the Hacking Team hacks that leaked 400GB of data belonging to the secretive company earlier this month, multiple 0-day exploits surrounding Java and Flash have been shared with the online community. Adobe reacted quickly and addressed the first set of problems, but a second wave of flaws was discovered soon after including another pair of 0-day exploits.

Flash has already been on life support. Both Chrome and Firefox have already moved on to HTML5 but Internet Explorer 11 still uses the Flash Player by default on YouTube. There are other services and ads that still rely on Adobe Flash, but that number has been steadily declining over the last few months. The recently discovered 0-day attacks have been severe and at least one of the attacks was severe enough to breach the sandbox Google had built around the Chrome browser.

Source:

http://news.filehippo.com/2015/07/firefox-frying-flash-default/


Guitar Zero... Great use of time. You Don't Shred on 5 Buttons !!

negative_energy wrote:

> I'm not going to go there

You kinda did when you said that you couldn't resist, so, c'mon don't be shy.
