Posts tagged as: hacking

What To Watch for in the Pwn2Own 2011 Contest?

by Mahesh Kukreja on March 8, 2011

The Pwn2Own 2011 contest goes live in the next 24 hours, i.e. on 9th March, 2011. Last year, all the major browsers and the iPhone were hacked.

But Google’s Chrome browser came through untouched. This year, Google is offering a $20,000 cash prize to any hacker who can successfully compromise a Windows 7 machine via a vulnerability, and a sandbox escape, in its Chrome web browser. The sandbox is designed to keep an attack from reaching the rest of the system even when an exploit has managed to inject and execute code via a vulnerability.

Also, competitors who successfully exploit Internet Explorer, Safari or Firefox will bag a $15,000 cash prize as well as a laptop. Hackers will also get an opportunity to have their way with various mobile phone platforms including iOS on an iPhone 4, Windows Phone 7 on a Dell Venue Pro, BlackBerry 6 on a BlackBerry Torch 9800, and Android on a Nexus S. Successfully compromising any of those targets will secure the participant $15,000 in cash, the device itself, and 20,000 ZDI (Zero Day Initiative, founded by TippingPoint) reward points.

Apple has reportedly claimed to have patched its Safari browser before the Pwn2Own hacking contest. Last week, Apple also patched about 57 vulnerabilities in iTunes. Also, Microsoft has not patched any vulnerabilities in IE8.

Jenny Lewis at MobilesDNA tells us that an iPhone hacker will be demonstrating a new way to jailbreak and hack the iPhone. The same hacker, last year, hacked the iPhone and hijacked its SMS database without jailbreaking it. The hacker, @dinodaizovi, now claims to hack the iPhone through some baseband hole and use it for spying purposes. The thing that happens in movies. Pretty excited to see what happens!

A total of $125,000 worth of prizes will be given away, of which $20,000 will be awarded by Google for breaking the sandbox ;)

Stay tuned via Email or Twitter for the latest news about Pwn2Own 2011.



Facebook Hacking Alert! Beware!

by Mahesh Kukreja on March 25, 2010

I just checked the Junk/Spam folder of my Yahoo! Mail and saw an email containing a confirmation for a Facebook password reset. The mail has a .zip file attached (probably containing a virus).

I didn’t request any password reset for my account from Facebook. So, it’s probably the work of the Black Hats.

Beware of such emails. No site will send you an attached file, even if you have requested a password reset. Don’t download the attached file just because the email appears to come from @facebook.com; the sender address is simply forged by email spoofing.
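A mail filter or analyst can test the two things this post warns about (a forged sender and an archive attachment) instead of trusting the From line. The sketch below is an added example, not part of the original post; the authserv-id `mx.example.net`, the extension list and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

RISKY_EXT = (".zip", ".exe", ".scr", ".js")   # illustrative list, not exhaustive
TRUSTED_AUTHSERV = "mx.example.net"           # assumption: your own receiving mail server

def domain(header_value):
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def triage(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    from_dom, rpath_dom = domain(msg["From"]), domain(msg["Return-Path"])
    if rpath_dom and rpath_dom != from_dom:
        findings.append(f"envelope sender {rpath_dom} != From domain {from_dom}")
    # Only trust Authentication-Results stamped by our own server; a sender
    # can pre-insert a forged header naming any other authserv-id.
    results = {}
    for ar in msg.get_all("Authentication-Results", []):
        authserv, _, rest = str(ar).partition(";")
        if authserv.strip().lower() == TRUSTED_AUTHSERV:
            results.update(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest.lower()))
    for method in ("spf", "dkim", "dmarc"):
        if results.get(method) != "pass":
            findings.append(f"{method}={results.get(method, 'missing')}")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            findings.append(f"risky attachment {name}")
    return findings

def sample_spoof():
    """Constructed sample: a fake password-reset mail with a .zip attached."""
    m = EmailMessage()
    m["Return-Path"] = "<bounce@mailer.example>"
    m["Authentication-Results"] = (TRUSTED_AUTHSERV + "; spf=fail smtp.mailfrom=mailer.example;"
                                   " dkim=none; dmarc=fail header.from=facebook.com")
    m["From"] = "Facebook <service@facebook.com>"
    m["Subject"] = "Facebook Password Reset Confirmation"
    m.set_content("Your password has been changed. See the attached document.")
    m.add_attachment(b"PK\x03\x04", maintype="application", subtype="zip",
                     filename="Password_Reset.zip")
    return m.as_bytes()

if __name__ == "__main__":
    print("\n".join(triage(sample_spoof())))
```

An empty result only means these particular checks passed; the attachment itself is never opened or unpacked here.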

So, protect yourself from Hackers & Viruses.

Happy Social Networking.



Microsoft Warns of SQL Attack

by Mahesh Kukreja on December 23, 2008

SQL stands for Structured Query Language. An SQL attack is a kind of hacking attack.

Just days after patching a critical flaw in its Internet Explorer browser, Microsoft is now warning users of a serious bug in its SQL Server database software.

Microsoft issued a security advisory late Monday, saying that the bug could be exploited to run unauthorized software on systems running versions of Microsoft SQL Server 2000 and SQL Server 2005.

Attack code that exploits the bug has been published, but Microsoft said that it has not yet seen this code used in online attacks. Database servers could be attacked using this flaw if the criminals somehow found a way to log onto the system, and Web applications that suffered from relatively common SQL injection bugs could be used as stepping stones to attack the back-end database, Microsoft said.

Desktop users running the Microsoft SQL Server 2000 Desktop Engine or SQL Server 2005 Express could be at risk in some circumstances, Microsoft said.

The bug lies in a stored procedure called “sp_replwritetovarbin,” which is used by Microsoft’s software when it replicates database transactions. It was publicly disclosed on December 9 by SEC Consult Vulnerability Lab, which said it had notified Microsoft of the issue in April.

“Systems with Microsoft SQL Server 7.0 Service Pack 4, Microsoft SQL Server 2005 Service Pack 3, and Microsoft SQL Server 2008 are not affected by this issue,” Microsoft said in its advisory.

This is the third serious bug in Microsoft’s software to be disclosed in the past month, but it is unlikely to be used in widespread attacks, according to Marc Maiffret, director of professional services with The DigiTrust Group, a security consulting firm. “It is rather low risk given other vulnerabilities that exist,” he said via instant message. “There are a lot of better ways to currently compromise Windows systems.”

After seeing the Internet Explorer flaw used in a growing number of online attacks, Microsoft rushed out an emergency patch for the issue last Wednesday. The company says it has also seen “limited and targeted attacks” exploiting a serious bug in the WordPad Text Converter for Word 97 files. As with the SQL bug, this WordPad converter vulnerability has not been patched, but is a prime candidate to be fixed in Microsoft’s upcoming January 13 security updates.

