Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

CanSecWest - Pwn2Own

Notifications for Security Updates, as well as News and Information from across the web - mostly security minded.

Update Contributors: Members of the Malware Removal University.

CanSecWest - Pwn2Own

Unread postby Corrine » March 10th, 2011, 10:34 pm

Some of the events at Pwn2Own . . .

Safari/MacBook

Safari/MacBook first to fall at Pwn2Own 2011:

A team of security researchers from the French pen-testing firm VUPEN successfully exploited a zero-day flaw in Apple’s Safari browser to win this year’s Pwn2Own hacker challenge.

VUPEN co-founder Chaouki Bekrar (right) lured a target MacBook to a specially rigged website and successfully launched a calculator on the compromised machine.

The hijacked machine was running a fully patched version of Mac OS X (64-bit).


IE8/Windows 7 SP1

Pwn2Own 2011: IE8 on Windows 7 hijacked with 3 vulnerabilities:
Using three different vulnerabilities and clever exploitation techniques, Irish security researcher Stephen Fewer successfully hacked into a 64-bit Windows 7 (SP1) running Internet Explorer 8 to win this year’s CanSecWest hacker challenge.

Fewer (right), a Metasploit developer who specializes in writing Windows exploits, used two different zero-day bugs in IE to get reliable code execution and then chained a third vulnerability to jump out of the IE Protected Mode sandbox.

The attack successfully bypassed DEP (data execution prevention) and ASLR (address space layout randomization), two key protection mechanisms built into the newest versions of Windows.


Note: http://twitter.com/#!/msftsecresponse/...939417998831617
@msftsecresponse Security Response
We have confirmed that IE 9 RC is not affected by the vulnerability used in the pwn2own contest. IE 9 officially releases on Monday


~~~~~~~~~~~

A few of the participants released updates to critical vulnerabilities prior to the event:

Pwn2Own 2011: On cue, Apple drops massive Safari, iOS patches:

With obvious eyes on this year’s CanSecWest Pwn2Own hacker challenge, Apple today dropped two major security updates for Safari and iOS to fix more than 60 vulnerabilities that could be used to hijack Windows, Mac OS X or iPhone/iPod Touch devices.

The patches arrive on the same day of the annual contest, which pits vulnerability researchers and exploit writers against the major web browsers and smart phones. Apple has now followed Google and Mozilla in releasing browser updates ahead of Pwn2Own.

The new Apple Safari 5.0.4 fixes a total of 62 documented vulnerabilities, most serious enough to allow code execution attacks if a user simply surfs to a booby-trapped web site. The majority of the vulnerabilities are in WebKit, the open-source browser rendering engine. {bold added]
User avatar
Corrine
Visiting Staff
 
Posts: 1193
Joined: May 12th, 2005, 8:44 am
Location: Upstate, NY
Advertisement
Register to Remove

Re: CanSecWest - Pwn2Own

Unread postby Wingman » March 11th, 2011, 6:18 pm

Interesting stuff, thanks. :)
User avatar
Wingman
Admin/Teacher
Admin/Teacher
 
Posts: 14112
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA


Return to News Desk



Who is online

Users browsing this forum: No registered users and 10 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware