Hackers crack OS X, Windows, web browsers' security to net $460,000

Forum|Forum|9 years ago
March 19, 2016
7 replies
1 view

retiredAntus67
Community Guide

Tencent Security Team Sniper crowned Master of Pwn

Pwn2Own Researchers pulled off multiple OS X, Windows and web browser exploits at the latest Pwn2Own competition.
White hat hackers earned $460,000 in prizes for finding and exploiting 21 security vulnerabilities in widely used software. Details of the flaws were privately shared with vendors so that their code that can be fixed and updates released to the public. It's a good win-win situation.
On the first day of the two-day competition, Safari, Chrome and Flash Player were all hacked, some on multiple occasions.
Day two began with two botched attempts to exploit vulnerabilities in Google's Chrome browser and an abortive Adobe Flash exploit by Tencent Security Team Sniper.
Sniper bounced back with successful exploits against Microsoft's Edge browser, and was crowned Master of Pwn for Pwn2Own 2016.
So, the hacking contest's final tally: Microsoft Windows was exploited six times, Apple's OS X five, Adobe Flash four, Apple Safari three, Microsoft Edge twice, and one for Google Chrome (although this attack was a duplicate of an independently reported vulnerability).

full article here:

Baldrick
Gold VIP
Forum|Forum|9 years ago
March 19, 2016

I support this as long as what they have revealed is kept provate and only given to the relevant software developers so that they can mitigate the exploits found...but to publicise it like this is the thin end of the wedge in my humble opinion. :(

Webroot SecureAnywhere Complete Beta Tester v9.0.24.49, imaged by Macrium Reflect v7.2

retiredAntus67
Author
Community Guide
Forum|Forum|9 years ago
March 19, 2016

I have to agree with you on this as they are pounding their chests and
saying look at what I've done!!!!! Not good at all

+62

Ssherjj
Moderator
Forum|Forum|9 years ago
March 19, 2016

With this kind of contest to find vuneralbilities I think is good. It does help the developers with finding what the vulnerablilites that these browsers have. IMO.

IMac 2021 27 in i5 Retina 5, iMac OS Sequoia (15.7.2), Security: iPads, ALIENWARE 15 R6, W11 Microsoft Windows Workstation, x64, Webroot® SecureAnywhere™ Internet Security Complete, Android Samsung Galaxy Ultra Note 23, Webroot Beta Tester

retiredAntus67
Author
Community Guide
Forum|Forum|9 years ago
March 19, 2016

I agree with you Sherry to a extent as long as "these hackers do not
provide how they have hacked this app to the cyber criminals for money"

+62

Ssherjj
Moderator
Forum|Forum|9 years ago
March 19, 2016

@Antus67 wrote:
I agree with you Sherry to a extent as long as "these hackers do not
provide how they have hacked this app to the cyber criminals for money"

Yes that is very important as I agree Anthony with you and Balrick!;)

+54

Jasper_The_Rasper
Moderator
Forum|Forum|9 years ago
March 19, 2016

Good comments everyone and I agree. Any vulnerabilities have to be kept out of the public scrutiny for obvious reasons to give the devs chance to correct problems.

The only other thing I will add though is that due to some of the posts that I have posted here where some vulnerabilities have been known to exist for a long time, there needs to be a way to actually compel the companies to get them fixed.

Baldrick
Gold VIP
Forum|Forum|9 years ago
March 19, 2016

I have to agree with Anthony...the competition is all well and good...but only if the outcome is used for the betterment of the situation and not such that the wrong people get their hands on the information and use it for nefarious purposes...which I believe sometimes, unfortunately, happens. :(

Webroot SecureAnywhere Complete Beta Tester v9.0.24.49, imaged by Macrium Reflect v7.2

Tencent Security Team Sniper crowned Master of Pwn

Sign up

Login to the community

Scanning file for viruses.

This file cannot be downloaded