Monday, March 12, 2012

Finally Google Chrome gets hacked at Pwn2Own


Vupen Security and Sergey Glazunov independently managed to penetrate Google Chrome's security defenses at the Pwn2Own and 'Pwnium' contests respectively. The annual competition invites ethical hackers from around the world to attempt to hack into the most popular web browsers, exposing vulnerabilities and loopholes in each browser's security and earning a handsome reward in the process.

At this year's competition, Vupen co-founder and head of research Chaouki Bekrar and his team managed to break into Google Chrome in less than 5 minutes, putting to rest the talk of the browser's security being unquestionable. They used "a pair of zero-day vulnerabilities to take complete control of a fully patched 64-bit Windows 7 (SP1) machine." For the successful break-in, Vupen won itself 32 points.

Google's Chrome security team knew that the Flash Player plugin sandbox is significantly weaker than Chrome's own, and that an exploit against Chrome via Flash Player would have to go through a certain path. Having figured out that Vupen used that technique (from the May video), Google decided to add a specific protection for Flash. Glazunov's hack qualifies him for one of the top $60,000 prizes that are part of Google's $1 million Pwnium challenge, and could be the launch of a new security career.

VUPEN co-founder Chaouki Bekrar, an outspoken exploit writer who insisted the team deliberately targeted Chrome to prove a point, was uncharacteristically coy when asked if the faulty Chrome code came from Adobe. "It was a use-after-free vulnerability in the default installation of Chrome," he said. "Our exploit worked against the default installation so it really doesn't matter if it's third-party code anyway," Bekrar said, ZDNet reports.

IE 9 on Windows 7 was also hacked, again through a complicated exploit that had to circumvent the browser's sandbox. Microsoft, however, may not respond so rapidly, as its quality testing procedure usually takes a few months to fix bugs like these. Safari on Mac OS X Snow Leopard, along with Firefox and IE 8 on Windows XP, was also hacked.

Chinese spied on NATO officials using Facebook Friends


An online scam has been exposed in which senior British military and government officials were tricked into becoming Facebook friends with someone masquerading as U.S. Admiral James Stavridis, NATO’s Supreme Allied Commander and lead officer on the Libyan mission, thereby exposing their own personal information to unknown hackers.

Late last year, senior British military officers, Defense Ministry officials, and other government officials were tricked into becoming Facebook friends with someone masquerading as United States Navy admiral James Stavridis.

NATO will not officially say who was behind the cyber-fraud or who accepted the friend requests, but it is understood that the evidence points to Chinese state-sponsored hackers. NATO has advised senior officers and officials, including Admiral Stavridis, to open their own social networking pages to prevent a repeat of such an incident.

The Supreme Headquarters Allied Powers Europe (SHAPE) confirmed that Admiral Stavridis had been a target. A spokesman for SHAPE said: "This type of compromising attempt is called 'social engineering' and has nothing to do with 'hacking' or 'espionage'."

The scams also cast light on the productive use that can be made of so-called “spear-phishing,” or targeted messages from a source the victim actually knows. A common example is an email that looks like it came from a person’s bank, asking for account numbers and passwords.

The hackers were traced to China, and investigators found that the attacks only took place on weekdays between 9am and 5pm, suggesting the attackers were working from an office or a government facility.
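The working-hours pattern mentioned above is a standard attribution heuristic: shift the attacker's activity timestamps through candidate UTC offsets and see which offset makes the activity land most consistently inside a Monday-to-Friday, 9-to-5 window. The following is an added example (not part of the original article or of any investigation it describes) that implements that check over a small set of constructed timestamps; the event list, the `infer_offset` function and its candidate range are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample: UTC timestamps of suspicious account activity
# (hypothetical data for illustration, not taken from the article).
SAMPLE_EVENTS_UTC = [
    "2011-11-07T01:15:00Z",  # Monday 09:15 at UTC+8
    "2011-11-07T03:40:00Z",
    "2011-11-08T06:05:00Z",
    "2011-11-09T02:30:00Z",
    "2011-11-10T08:45:00Z",  # Thursday 16:45 at UTC+8
    "2011-11-11T05:10:00Z",
    "2011-11-14T01:50:00Z",
    "2011-11-15T07:20:00Z",
    "2011-11-16T04:00:00Z",
    "2011-11-17T08:30:00Z",
]


def parse_utc(ts):
    """Parse an ISO-8601 'Z' timestamp into a timezone-aware UTC datetime."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def in_office_hours(local_dt, start=9, end=17):
    """True if the local datetime falls on a weekday between start and end hours."""
    return local_dt.weekday() < 5 and start <= local_dt.hour < end


def office_hours_fraction(events_utc, offset_hours):
    """Fraction of events that fall in office hours when viewed in UTC+offset_hours."""
    tz = timezone(timedelta(hours=offset_hours))
    hits = sum(1 for ts in events_utc if in_office_hours(parse_utc(ts).astimezone(tz)))
    return hits / len(events_utc)


def infer_offset(events_utc, candidates=range(-12, 15)):
    """Return (offset, fraction) for the UTC offset that best fits a 9-to-5 weekday pattern.

    Ties are broken toward the offset closest to UTC; a real analysis would
    also report the runners-up, since several offsets often score similarly.
    """
    scored = {off: office_hours_fraction(events_utc, off) for off in candidates}
    best = max(scored, key=lambda off: (scored[off], -abs(off)))
    return best, scored[best]


if __name__ == "__main__":
    offset, fraction = infer_offset(SAMPLE_EVENTS_UTC)
    print(f"best-fit offset UTC{offset:+d}, {fraction:.0%} of events in office hours")
```

On the constructed sample every event lands between 09:15 and 16:45 local time only at UTC+8, so that offset scores 100% while UTC+0 scores 0%. The heuristic is evidence, not proof: daylight-saving changes, shift work, and attackers routing through infrastructure in another region all blur the signal, so it is normally combined with other indicators rather than used on its own.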

Dmitri Alperovitch, a security expert who helped uncover the "Night Dragon" breach, says Western businesses and governments are routinely being targeted. He said: "They will know your strategy, your price list, everything to undercut and beat you." The Chinese are using every trick in the book. "They stole emails between executives about high level negotiations... If they know your strategy they can't lose."