Microsoft’s Edge Was Most Hacked Browser At Pwn2Own 2017, While Chrome Remained Unhackable

At the Pwn2Own 2017 hacking event, Microsoft’s Edge browser proved itself to be the least secure browser at the event, after it was hacked no fewer than five times. Google’s Chrome browser, on the other hand, remained unhackable during the contest. Tom’s Hardware reports: On the first day, Team Ether (Tencent Security) was the first to hack Edge through an arbitrary write in the Chakra JavaScript engine. The team also used a logic bug in the sandbox to escape that, as well. The team got an $80,000 prize for this exploit. On the second day, the Edge browser was attacked fast and furious by multiple teams. However, one was disqualified for using a vulnerability that was disclosed the previous day. (The teams at Pwn2Own are supposed to only use zero-day vulnerabilities that are unknown to the vendor.) Two other teams withdrew their entries against Edge. However, Team Lance (Tencent Security) successfully exploited Microsoft’s browser using a use-after-free (UAF) vulnerability in Chakra, and then another UAF bug in the Windows kernel to elevate system privileges. The exploit got the team $55,000. Team Sniper (Tencent Security) also exploited Edge and the Windows kernel using similar techniques, which gained this team the same amount of money, as well. The most impressive exploit by far, and also a first for Pwn2Own, was a virtual machine escape through an Edge flaw by a security team from “360 Security.” The team leveraged a heap overflow bug in Edge, a type confusion in the Windows kernel, and an uninitialized buffer in VMware Workstation for a complete virtual machine escape. The team hacked its way in via the Edge browser, through the guest Windows OS, through the VM, all the way to the host operating system. This impressive chained exploit gained the 360 Security team $105,000. The fifth exploit against Edge was done by Richard Zhu, who used two UAF bugs–one in Edge and one in a Windows kernel buffer overflow–to complete the hack. The attack gained Zhu $55,000.
At last year’s Pwn2Own 2016, Edge proved to be more secure than Internet Explorer and Safari, but it still ended up getting hacked twice. Chrome was only partially hacked once, notes Tom’s Hardware.

Read more of this story at Slashdot.


Slashdot

Ask Slashdot: What Training Helps Older Programmers Most?

brown.dragon is an older programmer moving to Australia. He writes:

I want to start an online solution that other programmers find helpful, and right now I’m wondering if I should go with “learning new technologies” or “getting really good at the basics”. Both are targeted towards giving a career boost to older programmers…

Would you like to keep in touch with the latest technologies because that’s what makes it easy to get jobs? Or would you like to be really good at answering (Google/Facebook/Amazon) algorithmic interview questions?

He asks programmers looking for an online educational tool, “which of these (if any), would interest you?” So leave your answers in the comments. What training do you think would help older programmers most?


‘Most Serious’ Linux Privilege-Escalation Bug Ever Is Under Active Exploit

Reader operator_error shares an ArsTechnica report: A serious vulnerability that has been present for nine years in virtually all versions of the Linux operating system is under active exploit, according to researchers who are advising users to install a patch as soon as possible. While CVE-2016-5195, as the bug is cataloged, amounts to a mere privilege-escalation vulnerability rather than a more serious code-execution vulnerability, there are several reasons many researchers are taking it extremely seriously. For one thing, it’s not hard to develop exploits that work reliably. For another, the flaw is located in a section of the Linux kernel that’s a part of virtually every distribution of the open-source OS released for almost a decade. What’s more, researchers have discovered attack code that indicates the vulnerability is being actively and maliciously exploited in the wild. “It’s probably the most serious Linux local privilege escalation ever,” Dan Rosenberg, a senior researcher at Azimuth Security, told Ars. “The nature of the vulnerability lends itself to extremely reliable exploitation. This vulnerability has been present for nine years, which is an extremely long period of time.” The underlying bug was patched this week by the maintainers of the official Linux kernel. Downstream distributors are in the process of releasing updates that incorporate the fix. Red Hat has classified the vulnerability as “important.”


Pokemon Go’s Paying Population Drops By 79% — Still Most Profitable Mobile App In The US

An anonymous reader quotes a report from Metro: The world’s obsession with Pokemon Go was clearly never going to last, but the incredible thing about its success is that although the paying population of the game is now down by 79% from its mid-July peak it’s still easily the most profitable mobile app in the U.S. According to analysts at Slice Intelligence, at its peak Pokemon Go inspired twice as many people as normal to spend money on mobile games, but that’s now returned to normal. But Pokemon Go still accounts for 28% of all money spent on mobile games in America, bringing in six times more than nearest rival Candy Crush Saga. The obvious problem for Pokemon Go is that there’s not really much gameplay to keep you coming back, and as winter approaches wandering around the countryside is going to lose some of its appeal somewhat. But there’s a huge range of new features that could be added to the app, and just this week has seen the introduction of the buddy feature that lets you walk around and team up with a particular Pokemon. There’s also the delayed release of the Pokemon Go Plus Bluetooth device and the recent announcement of the Apple Watch app.
