Google Chrome is via 2 bugs completely cracked, within 5 minutes. And then again cracked by another. Both hackers knew from the sandbox to escape and run code to execute.
The hack has happened in the Pwn2Own cracking contest at CanSecWest security meeting. The first cracking is done by the French security company VUPEN. In addition, Chrome also caught by another cracker, which thus assured of $ 60,000 prize money from Google. The Chrome-maker awards a total of $ 1 million for detected and reported vulnerabilities in its web browser.
The Internet giant will reward security researchers who exploits, complete with bugs used for this purpose, disclose to software makers. In late February, Google has decided to afford his own premiums, and no longer through Pwn2Own. The reason is that cracking game no longer requires that exploits and bugs will be shared with the creator of the cracked software.
Chrome-cracker when equal VUPEN has already shown no interest in Google’s terms. The French security company sells information about discovered security holes at large corporations and governments. And software vendors who have a contract with VUPEN.
A hacker has found serious vulnerabilities in a server of KPN, on which different customer databases were managed. The server is temporarily offline.
The weaknesses were discovered by chance by security and privacy expert Iliad el Matani, who reported the leak to Webwereld. He could see a configuration file that was created on March 24, 2009. The system is used by 15,000 customers, mainly SMEs, to manage their website.
Leaky old software
The server runs on an outdated version of Linux. Then an Apache server 2.0.52 installed. In this version are several serious weaknesses. The installed PHP version is badly outdated. The company uses version 4.4.9, which includes several serious weaknesses are. The latest version is 5.4.0.
Also included is version 126.96.36.199 of phpMyAdmin, a tool to manage databases. The most current version is 188.8.131.52, which the poem known vulnerabilities.
For all outdated software on the server of KPN are many leaks. On a generally accepted scale for the severity score a number of leaks 10.0. That is the maximum score.
Read more: webwereld
After last week that dutch ISP KPN was hacked, they published customer information from another hack online. The company then locked two million e-mail accounts as a precaution, and called on people to change the password.
The customers who changed their password received a confirmation by mail, but may have a letter with their e-mail address and password. This combination may lead to fraud and is not good cases for KPN customers.
The ISP now recognizes that this is not the right way and promises in the newspaper’s policy to adjust. From Sunday the situation is reversed. Meanwhile, it has over half a million customers changed their password.
KPN and Security..not a good combination!
PS Vita gets hacked to run Sega Genesis games
The race is on. Proving that no gadget is hack-proof, homebrew developers have discovered an exploit in the PS Vita and have used it to get Sega Genesis games running on the handheld.
On the market (Asian) for a little over two weeks, the PS Vita got its first “Hello World” just before the end of 2011 and now, the next level of hacking has begun.
According to frwololo’s YouTube video, the hack uses an exploit in the PS Vita’s PSP emulator. Combined with Half Byte Loader and and an emulator called “picoemulator”, frwololo can spoof the PS Vita into play Genesis games like Sonic & Knuckles albeit without properly synced audio.
Bear in mind, PS Vita hacks are still in their infancy, and frwololo even warns that Sony has tougher security measures in place on the handheld, so a public release of the exploit might not be made soon.
via PS Vita gets hacked to run Sega Genesis games | DVICE.
Hacker group PrivateX is said to be responsible for bringing down several Philippine government Web sites, including the office of the country’s vice president Jejomar Binay, on New Year’s day, a report noted.
News wire AFP reported Tuesday that a series of New Year’s day attacks temporarily took down the government sites, with the country’s vice president pinpointing PrivateX as the group that were behind the attacks.
via Philippine govt Web sites hacked – ZDNet Asia News.