http://www.wired.com/threatlevel/2012/03/zero-days-for-chrome/ By Kim Zetter Threat Level Wired.com March 9, 2012 VANCOUVER, British Columbia -- Just hours before the end of Google’s $1 million hack challenge, a teenager who once applied to work at Google without getting a response, hacked the company’s Chrome browser using three zero-day vulnerabilities, one of which allowed him to escape the browser’s security sandbox. The tall teen, who asked to be identified only by his handle “Pinkie Pie” because his employer did not authorize his activity, spent just a week and a half to find the vulnerabilities and craft the exploit, achieving stability only in the last hours of the contest. A demonstration of the teen’s hack took a slight departure from other hack demonstrations this week. Instead of opening the calculator application on the targeted machine to demonstrate success, Pinkie Pie’s hack ended with an image of an axe-wielding Pinkie Pie pony, a character from the wildly popular My Little Pony animated TV series. The hack qualifies him for one of the top $60,000 prizes that are part of Google’s $1 million Pwnium challenge, and could be the launch of a new security career. [...] ______________________________________________________________________________ Learn how to be a Pen Tester or a CISSP with Expanding Security online. Get a free class invitation and see how good and fun the program really is. http://www.expandingsecurity.com/PainPillReceived on Mon Mar 12 2012 - 01:09:02 PDT
This archive was generated by hypermail 2.2.0 : Mon Mar 12 2012 - 01:25:59 PDT