Browsing Author: Ryan Naraine

TJX Hacker Gets 20-Year Jail Sentence

[img_assist|nid=3904|title=|desc=|link=none|align=right|width=120|height=70]Hacker mastermind Albert Gonzalez was sentenced Thursday in U.S.
District Court to two concurrent 20-year stints in prison for his role
in what prosecutors called the “unparalleled” theft of millions of credit card numbers from major U.S. retailers.//

U.S. District Court Judge Patti B. Saris announced the concurrent
sentences in two 2008 cases against Gonzalez, 28, a Cuban-American, who
was born in Miami, where he lived when the crimes were committed.  Read the full story [IDG News Service]

Read more...

Hacker exploits IE8 on Windows 7 to Win Pwn2Own

Categories: Malware, Vulnerabilities

[img_assist|nid=3980|title=|desc=|link=none|align=left|width=94|height=144]VANCOUVER, BC — Jumping through a series of anti-exploit roadblocks, Dutch hacker Peter Vreugdenhil pulled off an impressive CanSecWest Pwn2Own victory here, hacking into a fully patched 64-bit Windows 7 machine using a pair of Internet Explorer vulnerabilities.

Read more...

Mozilla Firefox Hacked at Pwn2Own Contest

Categories: Malware, Vulnerabilities

[img_assist|nid=3981|title=|desc=|link=none|align=right|width=100|height=100]VANCOUVER, BC — The first day of the CanSecWest Pwn2Own hacker
challenge wrapped up here today with a familiar face going after a
familiar target.
And, for the second year in a row, a German hacker known simply as
“Nils” exploited a previously unknown vulnerability in Mozilla Firefox
to take complete control of a 64-bit Windows 7 machine.

Read more...

Pwn2Own Safari Attack: Charlie Miller Hijacks MacBook

Categories: Malware, Vulnerabilities

[img_assist|nid=3982|title=|desc=|link=none|align=left|width=100|height=100]VANCOUVER, BC — For the third year in a row, Charlie Miller has
hacked into a MacBook by exploiting a critical Safari browser
vulnerability. At the CanSecWest Pwn2Own hacker contest here, Miller performed a clean drive-by download against Safari to get a full command shell on the MacBook. 

Read more...

iPhone Hacked at Pwn2Own; SMS Database Stolen

Categories: Malware, Vulnerabilities

[img_assist|nid=3984|title=|desc=|link=none|align=right|width=100|height=100]VANCOUVER, BC — A pair of European researchers used the spotlight of the CanSecWest Pwn2Own hacking contest here to break into a fully patched iPhone and hijack the entire SMS database, including text messages that had already been deleted.

Read more...

Google to Issue GMail Suspicious Activity Warnings

[img_assist|nid=3959|title=|desc=|link=none|align=left|width=100|height=100]Google has added a nifty new security feature to warn GMail users when there are suspicious log-ins to their e-mail accounts.The feature, now being rolled into Firefox and Internet Explorer, will flag GMail log-ins from multiple locations and flash the following warning to an affected user:

Read more...

Mozilla Fast-Tracks Fix For Critical Firefox Flaw

Mozilla has fast-tracked a patch for a critical vulnerability affecting its flagship Firefox browser.

The patch, which was originally slated for release on March 30,
fixes a vulnerability that could allow remote code execution attacks. 
The flaw was originally released
into the VulnDisco exploit pack in February but Mozilla’s security
response team did not get the details until the middle of March.

Read more...

Pwn2Own Predictions: Apple iPhone Will Fall

Categories: Vulnerabilities

[img_assist|nid=3859|title=|desc=|link=none|align=left|width=100|height=100]Hackers at this year’s CanSecWest Pwn2Own contest will definitely break into an Apple iPhone by exploiting a remote code execution vulnerability.That’s the prediction from Charlie Miller and Aaron Portnoy, two security researchers who are monitoring events leading to next week’s hacker challenge.

Read more...

Charlie Miller on Mac OS X, Pwn2Own and Writing Exploits

[img_assist|nid=3855|title=|desc=|link=none|align=right|width=100|height=100]The following is the full transcript of a live Threatpost chat with Charlie Miller, a vulnerability researcher at Independent Security Evaluators.   During this session, Miller discussed his approach to finding security flaws, his work on fuzzing applications, his plans for this year’s Pwn2Own hacker challenge and his thoughts on improvements in Apple’s Mas OS X.

Read more...

Microsoft Virtual PC Flaw Lets Hackers Bypass Windows Defenses

Categories: Malware, Vulnerabilities

[img_assist|nid=3817|title=|desc=|link=none|align=right|width=100|height=100]An exploit writer at Core Security Technologies has discovered a serious vulnerability that exposes users of Microsoft’s Virtual PC virtualization software to malicious hacker attacks.The vulnerability, which is unpatched, essentially allows an attacker to bypass several major security mitigations —  Data Execution Prevention (DEP), Safe Exception Handlers (SafeSEH) and Address Space Layout Randomization (ASLR) — to exploit the Windows operating system.

Read more...