Google teases hackers with $2 million in prizes, announces Pwnium 2 exploit competition

The folks in Mountain View are starting to make a habit of getting hacked — intentionally, that is. Earlier this year, Google hosted an event at the CanSecWest security conference called Pwnium, a competition that challenged aspiring hackers to poke holes in its Chrome browser. El Goog apparently learned so much from the event that it’s doing it again — hosting Pwnium 2 at the Hack in the Box 10th anniversary conference in Malaysia and offering up to $2 million in rewards. Bugging out the browser by exploiting its own code wins the largest award, a cool $60,000. Enlisting the help of a WebKit or Windows kernel bug makes you eligible for a $50,000 reward, and non-Chrome exploits that rely on a bug in Flash or a driver are worth $40,000. Not confident you can break Chrome? Don’t let that stop you — Google plans to reward incomplete exploits as well, noting that it has plenty to learn from unreliable or incomplete attacks. Check out the Chromium Blog at the source link below for the full details.


Google teases hackers with $2 million in prizes, announces Pwnium 2 exploit competition originally appeared on Engadget on Thu, 16 Aug 2012 11:12:00 EDT.


Anonymous claims PSN breach, 10M accounts allegedly accessed

Uh-oh, the Anonymous hacker group has claimed to have hacked the PlayStation Network, or PSN, and downloaded a 50GB database that contains user accounts and passwords. From the look of it, a lot of the emails are from Sweden, Russia and other European countries. It’s not clear if U.S. user information was on the server that was breached, but this does not sound good.

At the moment, Sony has not commented, and they are without a doubt looking into the matter. As for users, they were pretty angry, because the last time PSN was breached there was quite a lot of downtime, and all of this was extremely inconvenient for players.

If you want to see if your email has been exposed, the hackers have uploaded the information to http://pastebin.com/HUjZPaF3. In the meantime, it is clear that spammers are having a field day, so you can expect to see a wave of spam/phishing following shortly. The gibberish on the left side represents the encrypted usernames and passwords. Depending on how it was encrypted, it may or may not take a while to decrypt. Let’s hope that Sony used some sort of unique key per user.

Update 1:08pm PT: Sony has contacted Ubergizmo with this statement:

“We’ve confirmed that the recent claim that PlayStation Network was illegally hacked and that customer passwords and email addresses were accessed is completely false.”  (a Sony representative)

By Ubergizmo.

Say Hello To America’s New Money-Minded Cyberweapon [Security]

Considering that Flame and Stuxnet have been gunning at Iran for a while, it should come as no surprise that there’s another cyberweapon lurking in the shadows. This one’s been dubbed ‘Gauss’ and it’s harvesting bank account information.

I Was a Teenage Hacker [Hacking]

Twenty-four years ago today, I had a very bad day.

International community may soon outlaw cyber-attacks

In a move that’s certainly set to have some long-lasting consequences on the world stage, security experts at Kaspersky Lab are speaking with the United Nations on how acts of digital espionage – hacking, that is – should be outlawed. Though it’s true that hacking is not an act that’s technically legal in most places around the world – no one wants to have their computer busted into – the world’s nations have not yet agreed on whether they should outlaw digital attacks the way they did chemical warfare. It’s more of a gentlemen’s agreement not to be a jerk than it is a hard and fast set of rules.

Back in World War I (and well before), there was one whole heck of a lot of gas being spread around between fighting nations. Because of the absolute horror that resulted in The Great War – and the many times before and after that most visible event – the Chemical Weapons Convention now exists. This arms control agreement outlaws chemical weapons and is administered by the Organization for the Prohibition of Chemical Weapons in The Hague, Netherlands.

As a result of the latest “cyber snooping” assault called Gauss in the Middle East, Vitaly Kamluk, chief malware officer at Kaspersky Lab, is heading up an initiative to urge the UN to make such attacks a thing of the past.

“We still think there is a lack of attention and lack of response in the area of nation-state supported development of malware. We think it should become a global problem and it should be discussed on an international level, probably in the United Nations, and there should be treaties. But that is not happening now. There is not enough changes.” – Kamluk

Details surrounding what kind of treaties Kamluk speaks about are not yet available, but once talks are initiated, we’re expecting a whole lot to be done in a short time.

What do you think, readers? Do you feel that the United Nations should agree upon a mutual disarming of sorts for digital warfare? There’s also the risk of third party groups getting involved when they feel the UN’s collected countries’ guards are down – or is that a matter of protection quite separate from having the ability to attack? Let us know what you think of Kaspersky Lab’s initiative today!

[via Guardian]


International community may soon outlaw cyber-attacks is written by Chris Burns & originally posted on SlashGear.
© 2005 – 2012, SlashGear. All right reserved.


CyanogenMod 9 for Galaxy Nexus hits “Stable” status

If you’re part of the ever-growing developer and hacker culture that exists in the Android universe, you may well have heard of the most popular software build made by a 3rd party group: CyanogenMod. This group of developers creates a ROM that you run on your smartphone or tablet, completely replacing what you had before with their own vision for a superior bit of mobile computing. Today the group has announced that the first “Stable” release for their newest version, CyanogenMod 9, is available for the Samsung Galaxy Nexus.

You’ll be working with a modified version of Android 4.0.4 Ice Cream Sandwich here, which, if you’ve already got Android 4.1 Jelly Bean, you might want to skip. The reason you would want to pick this build of Android is that the developers behind the magic have added a relatively large amount of fun tweaks and optimizations, here making the Galaxy Nexus faster and – depending on your taste for such things – more beautiful.

Inside CyanogenMod 9 you’ll get all of the great add-ons that came with Android 4.0 Ice Cream Sandwich in the first place like a modified notifications pull-down and easy access to your recently used apps. You’ll also get Cyanogen-added features such as a DSP equalizer and their own music player app “Apollo.” This release, it should be noted, is made for the “maguro” version, GSM that is, of the Samsung Galaxy Nexus. If you don’t know what that means, you probably shouldn’t be working with CyanogenMod.

If you’re looking for an optimized Jelly Bean experience, you can also get into the development process with the team by downloading nightly test builds. There will certainly be bugs and you’ll want to report all messy bits back to the team for faster pushes to the final product. You can grab CyanogenMod 10 (early builds) as well as CyanogenMod 9 (stable build) right now if you wish – and let us know how it goes!


CyanogenMod 9 for Galaxy Nexus hits “Stable” status is written by Chris Burns & originally posted on SlashGear.


Apple freezes over-the-phone password resets

The hack performed against Wired writer Mat Honan serves as a cautionary tale for others to ensure they back up their data, but what about the security issues found with the companies that helped facilitate the crime? Amazon fixed its own security hole yesterday, and now Apple has blocked customer service representatives from issuing password changes over the phone for Apple IDs.

According to an Apple employee who spoke to Wired, the company has placed a 24-hour freeze on any new over-the-phone password changes in order to give the team more time to think about and implement new security measures. When Wired once again tried to duplicate the social engineering used against Apple customer service representatives, they were told that the systems were prevented from resetting passwords, and that users had to do so via Apple’s website instead.

There’s still no official comment from Apple regarding the freeze, however, and it’s not yet clear what the company intends to do to prevent similar situations from occurring in the future. Amazon quietly fixed its own security issue yesterday, with a new policy in place that prevents callers from simply providing a name, email address, and home address to gain access to an account.

The hacker who reset Honan’s various Apple devices first went after his Amazon account, providing the easily gathered information to customer service representatives over the phone in order to gain access. Once the hacker managed that, the last four digits of Honan’s credit card were displayed in his account, information that Apple representatives happily accepted as proof of identity, allowing the individual to perform a password reset and gain access to the iCloud account.


Apple freezes over-the-phone password resets is written by Ben Kersey & originally posted on SlashGear.


Apple Really Doesn’t Know How to Fix Its Massive Security Exploit [Hacking]

When Gizmodo alumnus and wonderful human Mat Honan got hacked, the point of entry for the hackers was through Amazon and Apple’s lax security policies. Amazon immediately admitted its fault in the situation and updated its security policy accordingly. Apple? Well, Apple still doesn’t know what to do yet.

9 Things You Absolutely Must Do to Keep Your Online Identity Secure [Video]

We’ve been reeling a bit ever since Mat Honan was the victim of that ruthless social hack that wiped all his devices. Sure, that was an extreme case. But it’s also one that could happen to anyone, at any time. So we put together a list of the best ways to make sure your internet self—your accounts, your cash, and your information—stays secure.

Amazon Says It Closed Its Glaring Authentication Hack Exploit [Amazon]

Ty Rogers of Amazon PR has reportedly confirmed that the hole in Amazon’s authentication process that allowed Mat Honan to be hacked has been closed, “effective yesterday.”