Showing posts with label Internet Explorer. Show all posts

Google's $20,000 Bounty on Chrome Hack


The 5th annual hacking Contest Pwn2Own is due to kick start in Vancouver
(Canada) on March 9th , it will be a 3days affair ( 9th,10th,11th) and google is looking foward to make it more intresting by offering  $20,000  to anyone who can succesfully hack Google chrome.
This move from Google is $5,000 higher than its counterpart.

Security researchers will be looking into exploits against windows 7 or MAC OS latest version and targets will be  Microsoft Internet explorer,Mozilla's Firefox ,Apple's Safari and Google's chrome.
Though there will be 2 technologies as usual which will be under security exploit by security researchers i.e web browsers and mobile devices.
Mobile devices which will be looked upon are Dell Venue Pro, Apple's iphone4, Blackberry Torch 9800 and Nexus S.
The first sucessful Security researchers for hacking IE, Firefox and Safari will receive $15,000 and the laptop running the browser.
Portnoy from TippingPoint Digital said:
"We've upped the ante this time around and the total cash pool allotted for prizes has risen to a whopping $125,000," said Aaron Portnoy, the manager of HP TippingPoint's security research team.
Google is only one of four vendors to put money in the prize kitty. "Kudos to the Google security team for taking the initiative to approach us on this,".
However, the rules are slightly different for Chrome. On day 1, Google will offer $20,000 and the laptop if a contestant can pop the browser and escape the sandbox using vulnerabilities purely present in Google-written code. If competitors are unsuccessful, on day 2 and 3  ZDI(Zero Day Initiative) will offer $10,000 USD for a sandbox escape in non-Google code and Google will offer $10,000 USD for the Chrome bug.


Charlie Miller, the only researcher to have won Pwn2Own prizes three years in a row, wouldn't commit last week to trying again, but on Wednesday he noticed the $20,000 for Chrome.

"Pwn2own now offering 20k for attack on Chrome," said Miller on Twitter. "Must be hard, glad Mac OS X doesn't sandbox their browser."
Miller is a Mac hacking authority - he co-authored The Mac Hacker's Handbook with Dino Dai Zovi, a 2007 Pwn2Own winner -- and has exploited Safari each of the last three years.

Comments

Category: , , , , , , , , , , , , ,

Zero day Vulnerability found in Microsft's Windows MHTML renderer

Microsoft has just released security advisory 2501696 ,after acknowledging a new zero day vulnerability in all current versions of Windows except Server Core. The vulnerability appears to allow maliciously infected web pages to execute code in any "zone" regardless of which zone is specified.

Applications which uses Microsoft's HTML renderer can be attacked including Internet Explorer, but applications that always open web content in the "Restricted zone" are not affected including Outlook, Outlook Express, and Windows Mail.

There is always a POC (proof of concept) going on in the wild to look into the loop holes of Microsoft Application as well operating system.
So its a matter of time when the news spread to the Malware writers and hackers to take advantage of this MS Zero day vulnerability.


Microsoft has provided a Fix it tool that allows you to apply their recommended settings without doing any manual work over the group policies as well as over registry.

P.S : Friends spread this message to your friends.

Comments

Category: , , , ,