Security flaws everywhere.
After Google Chrome has been hacked twice, Microsoft’s Internet Explorer 9 was the second browser to fail the security challenge.
By exploiting two unknown vulnerabilities, Vupen Security was able to remotely open a calculator running on a Windows 7 SP1 machine. While no additional details were revealed, both IE and Google Chrome exploits were a combination of at least a couple of previously unknown flaws.
Identified as a bug CVE-2011-3046, discovered vulnerability is described as “UXSS and bad history navigation”, with no additional details revealed.
Security contests prove to be useful.
Just as some might have thought that Google’s Chrome sandboxing feature is bullet proof, Sergey Glazunov, a security researcher who have found quite a few vulnerabilities in the fast, has enriched his life with a $60k reward, received for a “Full Chrome” exploit, which bypassed the sandbox feature. Although Google Chrome was previously known to withstand various attacks in Pwn2Own and similar contests, this time it was the first to fail.
Justin Schuh, Chrome’s security team member said, “It was an impressive exploit. It required a deep understanding of how Chrome works. This is not a trivial thing to do. It’s a very difficult and that’s why we’re paying $60,000.”
The keyword here is “up to”.
Called Pwnium, contest attendees will be asked to exploit the Google Chrome web browser and in return, will be rewarded as follows:
Introduced years ago, Do Not Track allows users to opt out of tracking by advertising, social and other web sites that enjoy such data.
However, it’s not coming anytime soon, according to the report, Google Chrome is likely to introduce Do Not Track feature by the end of this year, which is 8-10 months away.
WebKit, a rendering engine used by a variety of mobile web browsers, including Google Chrome and Safari, appears to have a very serious flaw, which allows attackers to take a complete control over your smartphone.
According to George Kurtz, the former CTO of McAffee, who have co-founded a new security startup CrowdStrike and discovered the vulnerability, this means that pretty much every smartphone and tablet has this flaw. He has also confirmed that Windows Phone users were not affected.
No further details were revealed.
People freak out.
Just a few days ago, everyone was a huge fan of the HTML5. Now, it looks like at least a small amount of fans are freaking out over the industry’s DRM like protection proposal.
However, what they fail to realize is the fact that this is a necessary step, which would somewhat protect content providers, who actually spend money to produce such thing.
Just few days ago, Google has been accused of using a loophole in Apple’s Safari web browser, which allowed the search giant to track users by storing unwanted cookies.
Well, today Microsoft has published a report, stating that Google bypassed Internet Explorer’s privacy settings as well.
Pwn2Own, a computer hacking contest, which will begin on March 7th in Vancouver, British Columbia, has slightly modified its concept, according to sources.
First of all, smartphone hacks have been dropped completely in favor of the web browser exploits against Internet Explorer, Firefox, Google Chrome and Safari running on both Windows and Mac operating systems.
If you are wondering what Mozilla has been up to recently, then this article is a good starting point.
According to Johnathan Nightingale, Mozilla’s Director of Firefox Engineering, the company has been quite busy at brainstorming and implementing new ideas to improve Firefox’s security,