What I Know It’s About Experience

29 Mar 2010

Pwn2Own 2010 News

Pwn2Own is the brainchild of Dragos Ruiu, the founder and director of the CanSecWest security conference. This is an annual conference held in Vancouver, Canada (usually late March). If you have never been to it, I highly recommend the event. This is probably the most technically advanced conference worldwide, even more so than events like Black Hat or Hack In The Box. It tends to be smaller, about 200 people.

Pwn2Own is an event where conference attendees are challenged to hack a fully patched device. The first contest began in 2007 with just a MacBook laptop, but has grown to include items such as a Windows laptop and iPhone. What makes this contest different from other hacking events is the caliber of contestants. You literally have some of the best exploit developers in the world. They are motivated with a total of $100,000, but in addition gain tremendous bragging rights. Many of the contestants said it took them 1-2 weeks to develop the exploits; in some cases two people worked together. That averages 80-160 man hours to create an exploit. This year at the contest the following fully patched systems were successfully hacked.
 
  Firefox on 64-bit Windows 7
  Internet Explorer 8 on 64-bit Windows 7
  Safari on Mac OS X
  iPhone

So, what does that mean to us?  In general three things.
  1. Developing a new exploit takes a lot of work; however, with enough time and talent anything can be hacked, even something fully patched.
  2. In general, most criminals are simply too lazy or do not have the skills to develop such advanced exploits. But then again, they don't have to. The simple, well-known exploits and vulnerabilities are working just fine.
  3. The only organizations that would have to worry about such attacks are high-value targets. If you believe you are such a target, and that threats may specifically target you, contests like this demonstrate that no matter how much prevention you implement, it can be bypassed. Detection and incident response are just as important as prevention.
via HoneyTech Security Update
17 Sep 2009

Charlie Miller: Snow Leopard is not as secure as Windows Vista/7

Snow Leopard lacks security features that are built in to Windows XP, Windows Vista and Windows 7, a noted Mac researcher has said. Dubbed ASLR, for address space layout randomization, the technology randomly assigns data to memory to make it tougher for attackers to determine the location of critical operating system functions, and thus make it harder for them to craft reliable exploits.

"Apple didn't change anything," said Charlie Miller, of Baltimore-based Independent Security Evaluators, the co-author of The Mac Hacker's Handbook, and winner of two consecutive "Pwn2own" hacker contests. "It's the exact same ASLR as in Leopard, which means it's not very good."

Interesting news, isn't it? :) You can continue reading at the source here :)