Google has pushed out a patch for the second full sandbox escape exploit used in the Pwnium contest at CanSecWest. The Chrome vulnerabilities that the exploit targeted were discovered by an anonymous researcher who used the name PinkiePie and claimed a $60,000 reward from Google.
When the long arm of the law reached in to arrest members of Anonymous’s senior leadership on Tuesday, speculation immediately turned to the identities of the six men behind the Guy Fawkes mask. With the benefit of hindsight, it turns out that many had been hiding in plain site, with day jobs, burgeoning online lives and – for those who knew where to look – plenty of clues about their extra curricular activities on behalf of the world’s most famous hacking crew.
VANCOUVER–Say what you will about Chaouki Bekrar, but the man is nothing if not frank. Bekrar, who is the public face of the VUPEN team that has been toying with the Pwn2Own contest this week, has become a lightning rod in the debate over exploit sales, and from all outward appearances, he couldn’t be happier about it.
Hector Xavier Monsegur or “Sabu,” de facto ringleader of the notorious Anonymous Internet Collective, was not merely a talented hacker. He was also something of a Robin Hood of the East Side projects and a hard-partying nuisance to his neighbors, a report by the New Yok Times claims.
The same team from VUPEN that took down Google Chrome on Wednesday has succeeded in compromising Internet Explorer 9 on Windows 7, using two separate bugs. The success at the Pwn2Own contest was the result of a heap overflow bug in IE as well as a separate bug in the browser’s protected mode.
VANCOUVER–Google has already patched the bugs used by researcher Sergey Glazunov to compromise Chrome on Wednesday as part of the company’s Pwnium contest at the CanSecWest conference here.
Cupertino, California-based Apple released fixes for a bevy of security flaws in its iOS mobile operating system, including security flaws affecting the Siri personal assistant, the iOS passcode feature, and more than five dozen flaws in the WebKit Web rendering enging used by both iOS and Android devices.
VANCOUVER–One of the first things we’re taught as kids is that sharing is good. If you have two Chocodiles and Billy has none, you give him one. Sharing once was the norm in the security community–or, more specifically, certain sections of it–as well, but if the atmosphere at the CanSecWest conference this year are any indication, those days are quickly coming to an end.
VANCOUVER–A group of researchers from VUPEN, a French security firm, was able to compromise Google Chrome in the initial stages of the Pwn2Own contest. But because of the new rules this year, that doesn’t guarantee them a win in the contest. Rather, it just gives them a nice head start.
The seeds of LulzSec’s downfall were sown long before the FBI and Scotland Yard went knocking on doors this week. In fact, the group owes its downfall to a series of small, internal skirmishes, unforced errors and unlikely clues that created a virtual trail to its leaders, a Threatpost investigation found.
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.
