A PHP Error was encountered

Severity: 8192

Message: mysql_connect(): The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead

Filename: core/Router.php

Line Number: 114

Find a new way of exploiting Chrome, IE, Java
images
 flag  India flag
Forum » Education »
Find a new way of exploiting Chrome, IE, Java
Wednesday March 06 2013 8:03AM
Yashwant kumar bansal
Replies -0
Views -930
sub icon

Security researchers are gathering in Vancouver at the CanSecWest conference, in the hope of winning substantial cash prizes for finding exploitable vulnerabilities in the likes of Chrome, Internet Explorer and Java.

 

Targets

The Pwn2Own competition offers more than half a million dollars in cash and prizes for

the first person to successful compromise a selected target.

Here's what's on the menu:

  • Web Browser
    • Google Chrome on Windows 7 ($100,000)
    • Microsoft Internet Explorer, either
      • IE 10 on Windows 8 ($100,000), or
      • IE 9 on Windows 7 ($75,000)
    • Mozilla Firefox on Windows 7 ($60,000)
    • Apple Safari on OS X Mountain Lion ($65,000)
  • Web Browser Plug-ins using Internet Explorer 9 on Windows 7
    • Adobe Reader XI ($70,000)
    • Adobe Flash ($70,000)
    • Oracle Java ($20,000)

To make things trickier, the vulnerabilities need to be previously unknown, and computers are running the latest fully patched versions of Windows 7, 8, and OS X Mountain Lion. More information on the Pwn2Own rules can be found here.

Meanwhile at CanSecWest, Google is running its own vulnerability competition - Pwnium 3 - focused on discovering new vulnerabilities in the Chrome operating system.

And the prize money for Pwnium? A cool Pi-sized $3.14159 million.

To have a chance of getting your paws on the money, you will need to pull off an attack against a Samsung S5 550 Chromebook, running the latest version of the Chrome OS. You can also receive prize money if you manage a "browser or system level compromise in guest mode or as a logged-in user, delivered via a webpage" or a "compromise with device persistence - guest to guest with interim reboot, delivered via a webpage."

Samsung Chromebook

It's clear that the prize money available for finding brand new vulnerabilities in operating systems, browsers and popular plugins is on the rise.

Nonetheless, it's also apparent that companies like Google will never be able to outbid intelligence agencies who might have a less altruistic interest in collecting information about new ways to exploit computers.

In light of all the attention given to vulnerabilities found at these contests, it's perhaps no surprise that Google has just patched ten vulnerabilities in its Chrome web browser, bringing it up to version 25.0.1364.152.

Whichever browser or operating system you use, the best way to reduce your chances of becoming a cybercrime statistic is to keep your systems updated with patches, run an up-to-date anti-virus product, and practice safe computing.



Comments
No Replies
Leave a Reply Here
Enter Your Name
Enter your Email
Enter your Contact No
Enter Your Message
Enter the code