How a grim Eurovision Song Contest cyber attack was prevented at last second 9News
As millions of people around the world tuned into this year’s Eurovision Song Contest final in Tel Aviv, little did they know they were within one second of …
Six months ago, Google offered to pay US$ 200,000 to any researcher who could remotely hack into an Android device by knowing only the victim’s phone number and email address. No one stepped up to the challenge.
While that might sound like good news and a testament to the mobile operating system’s strong security, that’s likely not the reason why the company’s Project Zero Prize contest attracted so little interest. From the start, people pointed out that $ 200,000 was too low a prize for a remote exploit chain that wouldn’t rely on user interaction.
“If one could do this, the exploit could be sold to other companies or entities for a much higher price,” one user responded to the original contest announcement in September.
To read this article in full or to leave a comment, please click here
Enlarge (credit: Heather Katsoulis)
Contestants at this year’s Pwn2Own hacking competition in Vancouver just pulled off an unusually impressive feat: they compromised Microsoft’s heavily fortified Edge browser in a way that escapes a VMware Workstation virtual machine it runs in. The hack fetched a prize of $ 105,000, the highest awarded so far over the past three days.
According to a Friday morning tweet from the contest’s organizers, members of Qihoo 360’s security team carried out the hack by exploiting a heap overflow bug in Edge, a type confusion flaw in the Windows kernel and an uninitialized buffer vulnerability in VMware, contest organizers reported Friday morning on Twitter. The result was a “complete virtual machine escape.”
“We used a JavaScript engine bug within Microsoft Edge to achieve the code execution inside the Edge sandbox, and we used a Windows 10 kernel bug to escape from it and fully compromise the guest machine,” Qihoo 360 Executive Director Zheng Zheng wrote in an e-mail. “Then we exploited a hardware simulation bug within VMware to escape from the guest operating system to the host one. All started from and only by a controlled a website.”
Read 7 remaining paragraphs | Comments
Can a supercomputer beat humans in a hacking contest? We’re about to find out.
For the first time, a fully automated supercomputer is trying to compete with humans in a major hacking contest, and so far the machine is hanging in there.
The supercomputer, known as Mayhem, is among the teams taking part in this year’s Capture the Flag contest at the DEF CON security conference in Las Vegas.
The game involves detecting vulnerabilities in software and patching them, and humans have been playing it at DEF CON for years.
Now computers are getting in on the act. DARPA, a U.S. defense agency, recently held an all-machine competition, awarding $ 2 million to the team that did best.
To read this article in full or to leave a comment, please click here