Ryan Naraine

VANCOUVER, BC — For the third year in a row, Charlie Miller has
hacked into a MacBook by exploiting a critical Safari browser
vulnerability. At the CanSecWest Pwn2Own hacker contest here, Miller performed a clean drive-by download against Safari to get a full command shell on the MacBook. 

VANCOUVER, BC — A pair of European researchers used the spotlight of the CanSecWest Pwn2Own hacking contest here to break into a fully patched iPhone and hijack the entire SMS database, including text messages that had already been deleted.

Google has added a nifty new security feature to warn GMail users when there are suspicious log-ins to their e-mail accounts.The feature, now being rolled into Firefox and Internet Explorer, will flag GMail log-ins from multiple locations and flash the following warning to an affected user:

Mozilla has fast-tracked a patch for a critical vulnerability affecting its flagship Firefox browser.

The patch, which was originally slated for release on March 30,
fixes a vulnerability that could allow remote code execution attacks. 
The flaw was originally released
into the VulnDisco exploit pack in February but Mozilla’s security
response team did not get the details until the middle of March.

Hackers at this year’s CanSecWest Pwn2Own contest will definitely break into an Apple iPhone by exploiting a remote code execution vulnerability.That’s the prediction from Charlie Miller and Aaron Portnoy, two security researchers who are monitoring events leading to next week’s hacker challenge.

The following is the full transcript of a live Threatpost chat with Charlie Miller, a vulnerability researcher at Independent Security Evaluators.   During this session, Miller discussed his approach to finding security flaws, his work on fuzzing applications, his plans for this year’s Pwn2Own hacker challenge and his thoughts on improvements in Apple’s Mas OS X.

An exploit writer at Core Security Technologies has discovered a serious vulnerability that exposes users of Microsoft’s Virtual PC virtualization software to malicious hacker attacks.The vulnerability, which is unpatched, essentially allows an attacker to bypass several major security mitigations —  Data Execution Prevention (DEP), Safe Exception Handlers (SafeSEH) and Address Space Layout Randomization (ASLR) — to exploit the Windows operating system.