Your Favorite Browser Just Got Hacked, But Don’t Panic

How can I know what your “favorite browser” is? It doesn’t matter, really; if it’s any one of the four most popular browsers — Chrome, Internet Explorer, Firefox, or Safari — it’s just been successfully exploited.

This past week marked the 8th annual Pwn2Own, where security researchers come from near and far to flex their talents. The goal? Demonstrate exploits on the latest builds of popular browsers, get a pile of cash in return.

The good news: because of the nature of the competition, none of the specifics of these exploits are made public until the companies behind the browsers get a chance to patch things up. So while the bugs being exploited here might be lurking in your browser, you’re probably not in danger of actually getting nailed by them before they’re cleaned up.

Mozilla, for example, tells me they’ll have Firefox patched by the end of today. None of the other browser makers had responded to our requests for comment at the time this was published.

The definition of “exploit” in Pwn2Own is pretty straight forward: “modify the standard execution path of a program or process in order to allow the execution of arbitrary instructions”.

In other words: break through a browser’s security systems, make it run code that it really isn’t supposed to. No user interaction is allowed, beyond “the action required to browse to the malicious content”.

Each researcher has 30 minutes to demonstrate their exploit on a machine they’ve never touched, with each machine running a fully-patched version of its operating system. To be clear: most of these bugs are the result of days/weeks of research — they’re not something the researchers unearthed in their 30 minute demo window.

Read More

Comments

How To Hide Text In Microsoft Word 2007, Reveal It & Protect It

Sometimes what we hide is more important than what we reveal. Especially, documents with sensitive information, some things are supposed to be ‘for some eyes only’. Such scenarios are quite common, even for the more un-secretive among us. You want to show someone a letter composed in MS Word, but want to keep some of the content private; or it’s an official letter with some part of it having critical data. As important as these two are, the most common use could involve a normal printing job. Many a time we have to print different versions of a document, one copy for one set of eyes and others for other sets. Rather than creating multiple copies and therefore multiple printing jobs, what if we could just do it from the same document? That too, without the hassle of repeated cut and paste. We can, with a simple feature in MS Word – it’s just called Hidden and let me show you how to use it to hide text in Microsoft Word 2007. It’s a simple single click process. Open the docum...

Boom, the startup that wants to build supersonic planes, just signed a massive deal with Virgin

Have you heard about Boom? Boom is a relatively new startup that’s aiming to build something pretty crazy. They’re not building an app… or a social network… or even some new gadget for the Kickstarter crowd. Boom wants to build planes. Really, really, really fast planes. Specifically, they’re trying to design and build a supersonic passenger plane that goes 2.2x the speed of sound. If all goes to plan, they’ll be able to shuttle people from New York to London in 3.5 hours, and SF to Tokyo in 4.5. Sound crazy? I wouldn’t disagree. It’s worth noting that the company is in the very early days for something as intensive, massive, and hugely expensive as designing and producing a passenger aircraft. They’re still working on their first prototype, and hope to fly it by late next year. But it’s also worth noting that the team behind the plane has some serious talent in its blood: the company’s 11 employees have collectively contributed to over 30 aircrafts — having worked on thin...

Build Your Own Awesome Personal 3D Avatar with Avatara

Do you use social networks and want to build your own awesome 3D avatar? Maybe you want to send someone a cute cuddly image of yourself (kind of)? Or maybe you have your own ideas of what you would do with an Avatar… Well look no further than Avatara which I discovered from the MakeUseOf directory . You can create 3d avatars out of pre-set up templates or create your own from scratch. To start, visit Avatara’s homepage . You will see this screen: Click Get Started to umm, get started! That will take you to this screen: You see that you can build your own Avatar using an uploaded head shot like the Obama one above (just an example, guys). Or roll with one of their awesome avatars. I chose to start with a blank avatar by clicking Start with a blank avatar at the bottom of the screen. That takes you to here: I clicked on the filter at the top and told it to filter out everything but male characters and then I saw this: I rolled with Buck and continued. You need to click Select...

Kiran Upadhyay

Search This Blog