Ryan Naraine

TJX Hacker Gets 20-Year Jail Sentence

Hacker mastermind Albert Gonzalez was sentenced Thursday in U.S.
District Court to two concurrent 20-year stints in prison for his role
in what prosecutors called the “unparalleled” theft of millions of credit card numbers from major U.S. retailers.

U.S. District Court Judge Patti B. Saris announced the concurrent
sentences in two 2008 cases against Gonzalez, 28, a Cuban-American, who
was born in Miami, where he lived when the crimes were committed. Read the full story [IDG News Service]

Hacker exploits IE8 on Windows 7 to Win Pwn2Own

VANCOUVER, BC — Jumping through a series of anti-exploit roadblocks, Dutch hacker Peter Vreugdenhil pulled off an impressive CanSecWest Pwn2Own victory here, hacking into a fully patched 64-bit Windows 7 machine using a pair of Internet Explorer vulnerabilities.

Mozilla Firefox Hacked at Pwn2Own Contest

VANCOUVER, BC — The first day of the CanSecWest Pwn2Own hacker
challenge wrapped up here today with a familiar face going after a
familiar target.
And, for the second year in a row, a German hacker known simply as
“Nils” exploited a previously unknown vulnerability in Mozilla Firefox
to take complete control of a 64-bit Windows 7 machine.


VANCOUVER, BC — For the third year in a row, Charlie Miller has
hacked into a MacBook by exploiting a critical Safari browser
vulnerability. At the CanSecWest Pwn2Own hacker contest here, Miller performed a clean drive-by download against Safari to get a full command shell on the MacBook. 

Google has added a nifty new security feature to warn GMail users when there are suspicious log-ins to their e-mail accounts. The feature, now being rolled into Firefox and Internet Explorer, will flag GMail log-ins from multiple locations and flash the following warning to an affected user:

Mozilla has fast-tracked a patch for a critical vulnerability affecting its flagship Firefox browser.

The patch, which was originally slated for release on March 30,
fixes a vulnerability that could allow remote code execution attacks.
The flaw was originally released into the VulnDisco exploit pack in
February but Mozilla’s security response team did not get the details
until the middle of March.

Hackers at this year’s CanSecWest Pwn2Own contest will definitely break into an Apple iPhone by exploiting a remote code execution vulnerability. That’s the prediction from Charlie Miller and Aaron Portnoy, two security researchers who are monitoring events leading to next week’s hacker challenge.

The following is the full transcript of a live Threatpost chat with Charlie Miller, a vulnerability researcher at Independent Security Evaluators. During this session, Miller discussed his approach to finding security flaws, his work on fuzzing applications, his plans for this year’s Pwn2Own hacker challenge and his thoughts on improvements in Apple’s Mac OS X.

An exploit writer at Core Security Technologies has discovered a serious vulnerability that exposes users of Microsoft’s Virtual PC virtualization software to malicious hacker attacks. The vulnerability, which is unpatched, essentially allows an attacker to bypass several major security mitigations — Data Execution Prevention (DEP), Safe Exception Handlers (SafeSEH) and Address Space Layout Randomization (ASLR) — to exploit the Windows operating system.