Thread: Blackberry Pwned - Pwn2Own

  1. #1
    jackal Guest

    Blackberry Pwned - Pwn2Own

    Blackberry falls............
    http://www.zdnet.com/blog/security/p...ad-attack/8401

    “The BlackBerry is a system no one knows anything about. We know there’s a browser and a Java virtual machine. We had to assume that once we take over the browser, we can get further into the system,” Iozzo said.

    While planning the attack scenario, the researchers used a small information leakage bug to see small parts of the device memory and used that information to plot the way the exploit was laid out.

    The team did not have to jump through any anti-exploit mitigation hoops (the Blackberry does not have ASLR or DEP) but Iozzo said multiple bugs had to be chained together to see how the attack code was communicating with the rest of the system.

    iPhone falls.....................
    http://www.zdnet.com/blog/security/c...4-exploit/8378

    The attack simply required that the target iPhone surfs to a rigged web site. On first attempt at the drive-by exploit, the iPhone browser crashed but once it was relaunched, Miller was able to hijack the entire address book.

    Safari goes in 5 seconds....................
    http://www.networkworld.com/community/node/72070

    This year, the first to be quickly shamed was Safari on a Macbook Air. It involved a use-after-free flaw in the Apple browser and took only 5 seconds! Ars Technica reported, "French security firm VUPEN was first to attack the browser, and five seconds after the browser visited its specially-crafted malicious web page, it had both launched the platform calculator application (a standard harmless payload to demonstrate that arbitrary code has been executed) and wrote a file to the hard disk (to demonstrate that the sandbox had been bypassed)." VUPEN waltzed out with $15,000 and a new MacBook Air.

    IE 8 falls...............
    http://www.zdnet.com/blog/security/p...e_skin;content

    Using three different vulnerabilities and clever exploitation techniques, Irish security researcher Stephen Fewer successfully hacked into a 64-bit Windows 7 (SP1) running Internet Explorer 8 to win this year’s CanSecWest hacker challenge.

    Chrome remains strong as the contestant didn't show.

    Interesting. I am surprised that Blackberry got popped...........well not really.
    Last edited by jackal; Mar 10, 2011 at 08:02 PM.

  2. #2

    Well, the best fix to this vulnerability is to turn off JavaScript and you're good to go. Check out this article: http://www.engadget.com/2011/03/16/r...javascript-on/
    Ricardo Barrett
