Velnias
join:2004-07-06
233322

Velnias

Member

Pwn2Own 2014 results

The second and final day of Pwn2Own ended with $450,000 paid to researchers.
»www.pwn2own.com/2014/03/ ··· day-two/

Chubbzie
join:2014-02-11
Greenville, NC

1 recommendation

Chubbzie

Member

Breaking out of these sandboxes has become such a trivial matter. The industry needs to move out of the sandboxes and into the tarpits.
daveinpoway
Premium Member
join:2006-07-03
Poway, CA

daveinpoway to Velnias

Premium Member

to Velnias
Every company which puts out a browser should hire at least one hacker and agree to pay him/her more money for more flaws that they discover in the company's product (so that they are motivated to do their best regarding finding these flaws).

Each time that the "internal hacker" discovers how to break in, the company management should speak to the software development team and tell them "We know that you have been working very hard, but the code you have produced isn't secure enough - try again".

siljaline
I'm lovin' that double wide
Premium Member
join:2002-10-12
Montreal, QC

siljaline to Velnias

Premium Member

to Velnias
Prepare to Surf the Wave of Updates
quote:
Last week at the CanSecWest convention (covered extensively by my comrade Jerome Segura) the annual Pwn2Own competition took place, where hundreds of thousands of dollars were up for grabs by security teams who were willing to discover new zero-day exploits in common software.
»blog.malwarebytes.org/se ··· updates/

Link Logger
MVM
join:2001-03-29
Calgary, AB

Link Logger to Velnias

MVM

to Velnias
Ultimately the problem is that the browser attack surface is growing faster than security can keep up and no doubt this trend will continue for some time.

All of these companies have 'hackers' working for them and they do find lots of issues which are fixed, but given the growth requirements, resources, etc., you're not going to find everything and fix it. Ultimately this is why the NSA doesn't need a built-in backdoor, as there are lots within the code naturally.

But another good Pwn2Own is in the books.

Blake
Velnias
join:2004-07-06
233322

1 edit

Velnias

Member

I wish humankind ONE browser without programming errors. God, please (the devil Bill Gates in me says that "Hello, World" can be hacked countless ways and forever).

Link Logger
MVM
join:2001-03-29
Calgary, AB

Link Logger

MVM

A surprising number of vulnerabilities aren't programming errors, they are design errors, often the result of conflicting features.

Blake
Velnias
join:2004-07-06
233322

Velnias

Member

Agreed. Just a generalization, because updates do solve design and feature problems. Still no safe internet browser in the near future.

EUS
Kill cancer
Premium Member
join:2002-09-10
canada

EUS to Velnias

Premium Member

to Velnias
Code execution on which OS? Linux? Windows?
Velnias
join:2004-07-06
233322

Velnias

Member

Sorry, what are you about?

EUS
Kill cancer
Premium Member
join:2002-09-10
canada

EUS

Premium Member

said by Velnias:

Sorry, what are you about?

About 5'9", you?

Chubbzie
join:2014-02-11
Greenville, NC

Chubbzie

Member

Lol, thanks for the laugh this morning EUS!

Link Logger
MVM
join:2001-03-29
Calgary, AB

Link Logger to EUS

MVM

to EUS
The OSes that were used and fell victim to code execution were OS X Mavericks and Windows 8.1. I'm not sure Linux has the ability (or perhaps the desire) to put up the prize money these hackers expect for giving away a zero day at Pwn2Own.

Blake

EUS
Kill cancer
Premium Member
join:2002-09-10
canada

EUS

Premium Member

Thank you, I presumed Apple due to the browser, but when I went to the site, no official mention of any OS used.

Link Logger
MVM
join:2001-03-29
Calgary, AB

Link Logger

MVM

Chromebook was hacked at Pwnium which is the 'other hacking contest at CanSecWest', gets a little confusing sometimes for sure.

Chubbzie
join:2014-02-11
Greenville, NC
Hitron CDA3
(Software) OpenBSD + pf

1 recommendation

Chubbzie to EUS

Member

to EUS
I might be mistaken but I think these were the offerings:

Safari on OS X Mavericks - $65k
Chrome on Win 8.1 x64 - $100k
Firefox on Win 8.1 x64 - $50k
MSIE 11 on Win 8.1 x64 - $100k

Plugins
Java running in MSIE 11 on Win 8.1 x64 - $30k
Adobe Reader in MSIE 11 on Win 8.1 x64 - $75k
Adobe Flash in MSIE 11 on Win 8.1 x64 - $75k

And the Unicorn hack - MSIE 11 64 on Win 8.1 x64 with EMET running, sys level code execution - $150k