Google teases hackers with $2 million in prizes, announces Pwnium 2 exploit competition

The folks in Mountain View are starting to make a habit of getting hacked — intentionally, that is. Earlier this year, Google hosted an event at the CanSecWest security conference called Pwnium, a competition that challenged aspiring hackers to poke holes in its Chrome browser. El Goog apparently learned so much from the event that it’s doing it again — hosting Pwnium 2 at the Hack in the Box 10th anniversary conference in Malaysia and offering up to $2 million in rewards. Bugging out the browser by exploiting its own code wins the largest award, a cool $60,000. Enlisting the help of a WebKit or Windows kernel bug makes you eligible for a $50,000 reward, and non-Chrome exploits that rely on a bug in Flash or a driver are worth $40,000. Not confident you can break Chrome? Don’t let that stop you — Google plans to reward incomplete exploits as well, noting that it has plenty to learn from unreliable or incomplete attacks. Check out the Chromium Blog at the source link below for the full details.

Google teases hackers with $2 million in prizes, announces Pwnium 2 exploit competition originally appeared on Engadget on Thu, 16 Aug 2012 11:12:00 EDT.

Source: Google

Ubisoft UPlay may accidentally contain web plugin exploit, Ezio would not approve (update: fixed)

If you’ve played Assassin’s Creed 2 (or other Ubisoft games), you may have installed more stealthy infiltration than you bargained for. Some snooping by Tavis Ormandy around Ubisoft’s UPlay looks to have discovered that the service’s browser plugin, meant to launch locally-stored games from the web, doesn’t have a filter for what websites can use it — in other words, it may well be open season for any maliciously-coded page that wants direct access to the computer. Closing the purported, accidental backdoor exploit is thankfully as easy as disabling the plugin, but it could be another knock against the internet integration from a company that doesn’t have a great reputation for online security with its copy protection system. We’ve reached out to Ubisoft to confirm the flaw and learn what the solution may be, if it’s needed. For now, we’d definitely turn that plugin off and continue the adventures of Ezio Auditore da Firenze through a desktop shortcut instead.

Update: That was fast. As caught by Geek.com, the 2.0.4 update to UPlay limits the plugin to opening UPlay itself. Unless a would-be hacker can find a way to compromise the system just before you launch into Rayman Origins, it should be safe to play.

Ubisoft UPlay may accidentally contain web plugin exploit, Ezio would not approve (update: fixed) originally appeared on Engadget on Mon, 30 Jul 2012 10:02:00 EDT.

TechDirt | Source: Seclists.org

Microsoft advises nuking Windows Gadgets after security hole discovery, we mourn our stock widgets

Whether you see Windows Vista and Windows 7 Gadgets as handy tools or a blight upon a pristine desktop, you might want to shut them off for safety’s sake. Mickey Shkatov and Toby Kohlenberg have found that the desktop widgets’ web-based code has flaws that would allow malicious Gadgets, or even hijacked legitimate Gadgets, to compromise a PC without having to go through the usual avenues of attack. Microsoft’s short-term answer to the vulnerability is a drastic one, though: a stopgap patch disables Gadgets entirely, leaving just a barren desktop in its wake. There’s no word on a Gadget-friendly solution arriving before Kohlenberg and Shkatov present at the Black Hat Conference on July 26th, but we suspect Microsoft’s ultimate answer is to move everyone to Windows 8, where Gadgets aren’t even an option. We understand the importance of preventing breaches, of course — we’re just disappointed that we’ll have to forgo miniature stock tickers and weather forecasts a little sooner than expected.

Microsoft advises nuking Windows Gadgets after security hole discovery, we mourn our stock widgets originally appeared on Engadget on Wed, 11 Jul 2012 14:42:00 EDT.

Computerworld | Source: Microsoft, Black Hat Conference