• November 30, 2018

    Does Anyone Use USPS Anymore?

  • September 24, 2012

    Pwn2Own 2012 Results

    Pwn2Own is a computer hacking contest that began in 2007 and is held annually at the CanSecWest security conference. Contestants are challenged to exploit widely used software and mobile devices with previously unknown vulnerabilities. For 2012 the rules were changed to a capture-the-flag style competition with a point system. Google withdrew from sponsorship of the event because the 2012 rules did not require full disclosure of exploits from winners.

    When Pwn2Own 2012 concluded, we saw Chrome, Internet Explorer, and Firefox all compromised; Apple’s Safari was the only browser left standing. This was the first year Chrome got hacked; it had been untouchable up till this year. The exploits we saw used and executed were CVE-2010-3346 (Internet Explorer), CVE-2009-3077 (Firefox), CVE-2011-0115 (Safari), CVE-2010-0050 (Safari), CVE-2010-0248 (Internet Explorer), and CVE-2010-2752 (Firefox).

    There was another Pwn2Own this year: the Zero Day Initiative (ZDI) contest, sponsored by RIM and AT&T, is taking place in Amsterdam, where hackers were asked to compromise 4 devices (BlackBerry Bold 9930, Samsung Galaxy SIII, Nokia Lumia 900, and Apple iPhone 4S) using exploits of mobile web browsers, Near Field Communication (NFC), Short Message Service (SMS), and the cellular baseband.

    What we learned from this is that the iPhone 5 is vulnerable to the same attack that successfully breached an iPhone 4S at the mobile Pwn2Own hacker contest. A fully patched iPhone 4S device was compromised, and contacts, browsing history, photos and videos were stolen from the phone. The iPhone took an epic hit when an exploit was built for the vulnerability in WebKit to beat Apple’s code-signing features and the MobileSafari sandbox. The same bug is present in the iOS6 Golden Master development code base, which means the iPhone 5 is also vulnerable to the same exploit. Apple iPads and iPod Touch devices are also vulnerable.

    The Samsung Galaxy S3 can be hacked via NFC allowing attackers to download...