cansecwest

(get it in RSS or Atom)

PWN2OWN Day Two - Chrome and Safari join the losers

p2o-d2-250

Here are the PWN2OWN results from Day Two, and an overview of the final payouts.

Chrome and Safari didn't get picked for Day One, but both of them were pwned on Day Two - twice for Chrome and once for Safari....

PWN2OWN Day One - Reader, IE, Flash and Firefox felled, Java left standing

p2o-250

PWN2OWN Day One results are in!

The target that sounded easiest - Oracle Java, with prize money less than a third of the supposedly much tougher IE 11 - was the only one left standing at the end of the first half...

SSCC 133 - Prize unicorns, Android malware, 2FA, Attack reports and Vote For Us! [PODCAST]

sscc-133-thumb-250

Chet and Duck review the week's news in their informed and entertainingly serious style, discussing the prizes on offer at this year's PWN2OWN competition, talking about a new twist in Android malware, and reviewing the latest attack reports from Yahoo and Target...

PWN2OWN 2014 - Find the "exploit unicorn" and win $150,000

unicorn-250

It's called PWN2OWN because if you successfully pwn, or hack into, the competition laptop, you own it *literally* - you get to take it home with you.

But there's also $645,000 in cash up for grabs, including a Grand Prize for finding, wait for it, an "exploit unicorn"...

The "BadBIOS" virus that jumps airgaps and takes over your firmware - what's the story?

chip-250

"BadBIOS" is an unfolding story about a virus that is claimed to have some remarkable characteristics - such as jumping airgaps, spreading using sound waves, and taking over your firmware.

How does it work? What do we know? Is it real or a hoax? Paul Ducklin takes a look...

PWN2OWN results Day Two - Adobe Reader and Flash owned, Java felled yet again

PWN2OWN 2013 finished off today.

A second scheduled attack on IE 10 didn't happen, so IE 10 didn't get owned again, but Flash and Reader fell once each, and Java was exploited for the fourth time in two days...

PWN2OWN results Day One - Java, Chrome, IE 10 and Firefox owned

Of the Big Four browsers, only Apple's Safari has so far survived the onslaught of the browser-breakers at PWN2OWN 2013.

Java fell three times today; Adobe's Flash and Reader meet their attackers tomorrow...

Last-minute pre-Pwnium Chrome update closes numerous holes...

chromium-250

Google just slammed the door on a number of vulnerabilities in Chrome.

Just two days before its flagship browser was due to go under public hacking scrutiny at a Canadian security conference...

Find a new way of exploiting Chrome, IE, Java, etc.. and you could win millions of dollars

Find a new way of exploiting Chrome, IE, Java, etc.. and you could win millions of dollars

Security researchers are gathering in Vancouver at the CanSecWest conference, in the hope of winning substantial cash prizes for finding exploitable vulnerabilities in the likes of Chrome, Internet Explorer and Java.

PWN2OWN - hack the Big Four browsers in public and go home with half a million dollars

targets-250

Only six weeks to go until PWN2OWN 2013, where you can hack the Big Four browsers and the Big Three plugins, and win over half a million dollars.

But is it just about the money?

Paul Ducklin investigates...

Anatomy of an exploit - six, in fact - as Google reveals details of Pwnium hack against Chrome

chromium-with-bullet-hole

Breaking into a browser isn't as easy as it was a few years ago. Back then, many browsers ran as a single monolithic process which could be leapt in a single bound.

That's unusual these days, so this is a hacking story of considerable derring-do.

CanSecWest Day 1 - Pen testing, social authentication, APR and Duqu

CANSECWestC250

A wrap-up of the news and talks from CanSecWest 2012 in Vancouver. I highlight talks on pen testing, social authentication, vulnerability mitigation and the Duqu command and control servers.

Google offers $1 million in exploit rewards for Chrome hacks

Google offers $1 million in exploit rewards for Chrome hacks

Google is offering cash prizes totaling $1 million to hackers, plus a Chromebook, for those who successfully exploit its Chrome browser at the CanSecWest security conference next week.

Chip and PIN compatibility leads to insecurity

CC250

At last week's CanSecWest security conference in Vancouver Canada researchers showed methods they could use to compromise chip and PIN credit cards. Is backward compatibility creating security holes that reduce the security of your card?

SSCC47- Now with transcript! Patch Tuesday, HBGary, Nasdaq hack, RBS WorldPay hacker and Pwn2Own

Sophos Security Chet Chat logo

This week's podcast discusses Patch Tuesday, HBGary being hacked, the compromise at Nasdaq, the guilty plea of a RBS WorldPay hacker and Google pledging an extra $20,000 at Pwn2Own. Listen now, or download the transcript.

CanSecWest 2010 day 2 summary

Image (1) cansecwest200.png for post 2787

The second day of CanSecWest was a beautiful day in Vancouver. The day was full of information-packed sessions and anticipation for the evening dinner party reception. "SEH overwrite and its exploitability - Shuichiro Suzuki" Shuichiro, who works for Forteenforty, demonstrated Read more…

CanSecWest 2010 Day 1

Image (1) cansecbadge250.jpg for post 2786

As a Vancouverite it always seemed to be a bit of a shame that I have never attended a CanSecWest conference. This year I am here, the 11th annual CanSecWest conference, and I would like to thank Dragos Ruiu for Read more…

Heroes

Default image

As I'm sure you're by now aware, a security researcher named Charlie Miller was able to pwn Safari in 10 seconds at CanSecWest yesterday! A truly spectacular feat! I'm not even sure how he was able to type so fast! Read more…