Spyware, Viruses, & Security forum


NEWS - March 08, 2013

by Carol~ Forum moderator / March 8, 2013 2:34 AM PST
Pwn2Own ends with Adobe Flash, Reader and Oracle Java exploits

Day two of the Pwn2Own competition at CanSecWest was again successful for French Vupen security, as they succeeded in exploiting Adobe Flash on Internet Explorer 9 on Windows 7 by chaining together three zero-days (an overflow, an ASLR bypass technique and an IE9 sandbox memory corruption) and earning themselves another $70,000.

George Hotz exploited Adobe Reader XI (also on IE 9 on Win7), and Ben Murphy - the last contestant to target Java - has also managed to earn a prize even though he wasn't there, because James Forshaw, a winner from the previous day, agreed to serve as proxy and demonstrate the attack.

All in all, ZDI has awarded over half a million dollars in cash prizes and, of course, the compromised laptops and ZDI reward points.

Continued : http://www.net-security.org/secworld.php?id=14568

Pwn2Own related:
Pwn2Own ends with all attackers winning
Firefox, Java, Flash All Taken Down at Pwn2Own
Pwn2Own takes down IE 10 running on a Surface Pro
Pwn2Own Hackers Take Down Chrome, Firefox, IE10
Mozilla and Google Patch Browser Flaws Used in Pwn2Own
by Carol~ Forum moderator / March 8, 2013 4:07 AM PST
In reply to: NEWS - March 08, 2013

Within less than 24 hours of the vulnerabilities being used and disclosed to them, both Mozilla and Google have issued patches for flaws employed by participants in this week's Pwn2Own contest at CanSecWest here.

Mozilla has rolled out a new version of Firefox that includes fixes for security vulnerabilities used in the contest, and Google has done the same with Chrome.

"Researchers successfully demonstrated new security vulnerabilities in all three browsers tested - Firefox, Chrome and IE. At the conclusion of the event we received technical details about the exploit so we could issue a fix.

"We received the technical details on Wednesday evening and within less than 24 hours diagnosed the issue, built a patch, validated the fix and the resulting builds, and deployed the patch to users. Our fast turn around time on this security issue is a reflection of the priority and focus we place on security. Security is more than a side item for us, it's part of our core principles," Michael Coates, director of security assurance, said.

Continued: https://threatpost.com/en_us/blogs/mozilla-and-google-patch-browser-flaws-used-pwn2own-030813

$5 million class action lawsuit over LinkedIn data breach..
by Carol~ Forum moderator / March 8, 2013 4:07 AM PST
In reply to: NEWS - March 08, 2013
... dismissed

Any damage done to LinkedIn users over the massive June 2012 data breach was abstract, not actual, a US judge has ruled.

Thus did a $5 million class-action lawsuit against the networking site get dismissed, before the case ever breathed the air of a court trial.

The breach resulted in the compromise of 6.5 million users' passwords.

Within hours of the passwords being posted online, over 60% of the stolen passwords had been cracked.

Within days of the June breach, the lawsuit was filed on behalf of all users by two premium LinkedIn users in the US, Katie Szpyrka and Khalilah Wright.

It charged LinkedIn with failing to use basic industry standard security practices - a failing that, the plaintiffs claimed, led to the data leak.

Continued : http://nakedsecurity.sophos.com/2013/03/08/linkedin-lawsuit-data-breach/

Related: Class-Action Lawsuit Filed Against LinkedIn After Password Hack Dismissed
How To Opt Out of Receiving Facebook Ads Based on Your..
by Carol~ Forum moderator / March 8, 2013 4:26 AM PST
In reply to: NEWS - March 08, 2013
.. Real-Life Shopping Activity

From Rainey Reitman @ the Electronic Frontier Foundation blog:

Facebook has announced that it's teaming up with four of the world's largest corporate data brokers to "enhance" the ad experience for users. Datalogix, Epsilon, Acxiom, and BlueKai obtain information gathered about users through online means (such as through cookies when users surf the web) as well as through offline means (such as through loyalty cards at supermarkets and product warranty cards). Through the new relationship with Facebook, companies will be able to display advertisements to Facebook users based on data that these data brokers have on individuals.

In practical terms, this means that limiting how much information you put on Facebook is not enough to limit how ads are targeted to you on Facebook. Your interests, age, shopping history (including offline), web browsing, location, and much more could be stored by these data brokers and utilized to market to you - even if you've been careful not to share this type of information with Facebook.

So, what can users do? If you're concerned about this practice, you can opt out of the targeted advertisements by individually visiting each of the data broker partners currently working with Facebook. We've got directions below for opting out of each site.

Continued : https://www.eff.org/deeplinks/2013/02/howto-opt-out-databrokers-showing-your-targeted-advertisements-facebook
Android Malware, believe the hype.
by Carol~ Forum moderator / March 8, 2013 5:04 AM PST
In reply to: NEWS - March 08, 2013
Rik Ferguson @ Trend Micro's "CounterMeasures" blog:

...or "Just how much Android malware is there anyway?"

The security industry has an embarrassing problem. For several years it became a matter of course for the big names in security to warn annually that 'next year' was to be the year of mobile malware. "Look out", we said, "mobile malware, it's coming..."; but it never did. It remained elusively over the threat horizon. In reality, every year since Cabir in 2004 we have seen appearances and developments in mobile malware (originally for Symbian, J2ME and Windows CE) but it simply never reached critical mass or moved beyond the mischievous.

Now that the problem is well and truly here (the last two years have both been called "the year of mobile malware" at several points) we have a problem persuading the world at large that we are not crying "Wolf!" yet again. There is a distinct scepticism paired with a strong belief that the security industry may be selling a solution to a problem that doesn't exist, or if it does then it only exists in far off countries and little used app stores. So, in the interest of clarity, here are a few numbers that hopefully will go some way towards putting that scepticism to bed, once and for all.

Continued : http://countermeasures.trendmicro.eu/android-malware-believe-the-hype/