With $3.14159 million in prize money at stake, Google’s Chrome OS has withstood attempts to hack it in the company’s semi-annual Pwnium contest in Vancouver, a Google spokeswoman told The Security Ledger. In a statement Thursday, Google spokeswoman Jessica Kositz said that the company did not receive any winning entries during the day-long contest, but that the company is evaluating work that may qualify for a partial prize: a potentially infinite series of Google Wallet transfers in the amounts: $1 followed by $.50 followed by $.25 followed by $.125 and so on. OK – We made that last part up. Pwnium runs alongside the better known pwn2own contest at CanSecWest. This year, Google is providing funding for both contests. However, in 2012 the company pulled its support for pwn2own, objecting to the lack of a requirement of “responsible disclosure” – in which entrants must disclose the details of their exploits to the […]
Adobe
Obama Lays Down The Law On Cyber Espionage
The Obama Administration on Wednesday released a report detailing new Administration measures to protect U.S. trade secrets and intellectual property. The report: “Administration Strategy on Mitigating the Theft of U.S. Trade Secrets” (PDF) establishes a new foundation for cooperation between the U.S. government and the private sector. It comes just days after a bombshell, 60-page report by the security firm Mandiant that described the activities of “APT1” – a hacking group that Mandiant claims is actually a cyber warfare unit of China’s People’s Liberation Army (PLA). In a post on the Whitehouse blog, the Administration said the Strategy is a continuation of Obama Administration policy to protect U.S. companies from the theft of trade secrets. Under the new Strategy, the Administration will take a “whole government” approach, using diplomatic pressure via the State Department, coordinated, international legal pressure through the Department of Justice and FBI. The U.S. will tap the […]
Adobe Pushes Fix For Flash Player, Cites Attacks On Windows, Mac, Android
Adobe released an urgent fix on Thursday for recent versions of Flash Player, citing ongoing attacks against both Windows, Apple Mac, Linux and Android systems. Adobe released the security updates to fix a vulnerability, CVE-2013-0633 in Flash Player, noting that the vulnerability is being exploited “in the wild” (that is: on the public Internet) in targeted attacks. The attacks involve both web based attacks via malicious or compromised web sites and e-mail based attacks. The web based attacks use malicious Flash (SWF-format) content and target vulnerable versions of the Flash Player for the Firefox and Safari web browsers. The e-mail attacks use a malicious Microsoft Word document delivered as an e-mail attachment. The document contains malicious Flash (SWF) content and the email tries to trick the recipient into opening it. The vulnerability in question, CVE-2013-0633 is described as a buffer overflow in Adobe Flash Player that “allows remote attackers to execute […]
Adobe Acknowledges Hack of User Forum For Connect Service
Software giant Adobe on Wednesday confirmed claims by a self-proclaimed “Egyptian” hacker to have compromised a user support forum frequented by customers of its Connect web conferencing technology, stealing user account information and posting some of it online. Adobe’s Director of Connect, Guillaume Privat, acknowledged in a blog post on Wednesday that the compromise of the Connectusers.com forum by an “unauthorized third-party” was for real and that the company has disabled the forum while it investigates the incident. The breach was first disclosed on Tuesday when a hacker calling himself “ViruS_HimA” posted what appeared to be account e-mail and password information online through web sites like pastebin.com and sendspace.com. The hacker claimed to have compromised a database server used to maintain the Connnectusers.com forum and downloaded information on 150,000 account holders, including the users names, login IDs, hashed password values, employer and e-mail address. The motive for the hack was […]
