http://www.computerworld.com/s/article/9174101/Hacker_busts_IE8_on_Windows_7_in_2_minutes?source=CTWNLE_nlt_dailyam_2010-03-25
<quote>
When his turn came, Pwn2Own newcomer Peter Vreugdenhil successfully
exploited a vulnerability in IE8 running on Windows 7 with attack code
called "technically impressive" by TippingPoint because it bypassed
the operating system's Data Execution Prevention, or DEP, security
mechanism, which is designed to stop most attacks.
Like Miller, Vreugdenhil, a freelance vulnerability researcher from
the Netherlands, earned a $10,000 prize.
Another former winner, a German computer science student known only by
his first name, Nils, was awarded $10,000 for hacking Firefox on
Windows 7.
</quote>
I didn't see any mention of successful Linux pwns
Of the browsers set up as targets for the contest, only Google's
Chrome remained standing on the first day.
rex.ballard (3726), 3/25/2010 6:01:14 PM

"Rex Ballard" <rex.ballard@gmail.com> wrote in message
news:7e93d335-e195-4425-9fec-532763abf83c@i25g2000yqm.googlegroups.com...
>
>
> http://www.computerworld.com/s/article/9174101/Hacker_busts_IE8_on_Windows_7_in_2_minutes?source=CTWNLE_nlt_dailyam_2010-03-25
>
> <quote>
> When his turn came, Pwn2Own newcomer Peter Vreugdenhil successfully
> exploited a vulnerability in IE8 running on Windows 7 with attack code
> called "technically impressive" by TippingPoint because it bypassed
> the operating system's Data Execution Prevention, or DEP, security
> mechanism, which is designed to stop most attacks.
>
> Like Miller, Vreugdenhil, a freelance vulnerability researcher from
> the Netherlands, earned a $10,000 prize.
>
> Another former winner, a German computer science student known only by
> his first name, Nils, was awarded $10,000 for hacking Firefox on
> Windows 7.
> </quote>
>
>
> I didn't see any mention of successful Linux pwns
No obviously not, there was simply no Linux system at Pwn2Own
http://bit.ly/dynxr5
(poorly translated by Google)
[q]
Linux
Like previous years, Linux is the great absent again Pwn2Own during the
game. This has nothing to show that it is difficult to hack Linux. "It is
probably easier, although this does depend on the Linux version you are
talking about," says Miller. The reason Linux is not taking part because few
people on the desktop. In addition there are the leaks in the browser and
running on both Windows and Linux.
[/q]
Pwn2Own is not interested in Linux, it's so easy to hack, (says Miller), no
challenge to do such a trick!
Just like Unix guru Andy Tanenbaum wrote:
[q]
"most attackers think hitting Windows offers a bigger bang for the buck so
Windows simply gets attacked more."
[/q]
http://lists.virus.org/securecoding-0405/msg00035.html
> Of the browsers set up as targets for the contest, only Google's
> Chrome remained standing on the first day.
Clogwog, 3/25/2010 6:58:15 PM

On Mar 25, 2:58 pm, "Clogwog" <BWAHAHAH...@BWAHAHAHAAA.LOL> wrote:
> "Rex Ballard" <rex.ball...@gmail.com> wrote in message news:7e93d335-e195-4425-9fec-532763abf83c@i25g2000yqm.googlegroups.com...
> > I didn't see any mention of successful Linux pwns
> No obviously not, there was simply no Linux system at Pwn2Own http://bit.ly/dynxr5
> (poorly translated by Google)
That explains why it was not mentioned.
> [q]
> Linux
> Like previous years, Linux is the great absent again Pwn2Own during the
> game. This has nothing to show that it is difficult to hack Linux. "It is
> probably easier, although this does depend on the Linux version you are
> talking about," says Miller. The reason Linux is not taking part because few
> people on the desktop. In addition there are the leaks in the browser and
> running on both Windows and Linux.
> [/q]
I've heard this claim numerous times, yet I have yet to see someone
successfully pwn a properly configured Linux system.
I suppose it couldn't be that difficult, since someone cracked the Mac
in 8 seconds last year. What did Apple do, set the root password to
root or something?
> Pwn2Own is not interested in Linux, it's so easy to hack, (says Miller), no
> challenge to do such a trick!
Again, not much record of successful hacks. Given the millions of
Linux servers out there, you'd think someone would have cracked a few
thousand at the same time by now.
Most "successful cracks" involve bone-head configurations in which the
machine has been set up exactly the way utilities like rsh and rlogin
tell you NOT to set it up. Classic bone-head plays include things
like setting the wild card in hosts.equiv, letting people ftp
executable files to the cgi-bin directory, and setting up signed java
applets to accept a developer key as a fully validated key.
> Just like Unix guru Andy Tanenbaum wrote:
> [q]
> "most attackers think hitting Windows offers a bigger bang for the buck so
> Windows simply gets attacked more."
> [/q]
> http://lists.virus.org/securecoding-0405/msg00035.html
Yes, but I would think that Microsoft would pay a handsome bounty to
be able to say that Linux was hacked in 8 seconds. If that's actually
possible.
> > Of the browsers set up as targets for the contest, only Google's
> > Chrome remained standing on the first day.
Congratulations to Google.
Rex, 3/25/2010 7:25:03 PM

Rex Ballard "contributed" in comp.os.linux.advocacy:
> Windows 7 hacked in 2 minutes - Twice
It wasn't hacked -twice-, he just took 2 vulnerabilities to speed up the
hack. If he only took one vulnerability, it would take up to 55 minutes to
achieve his goal. At least, the guy is Dutch.
;-)
--
<snip>
John, 3/25/2010 8:31:57 PM

"John Holmes" <nospam.13inch@gmail.com> wrote in message
news:201003252031.o2PKVvD14621@smtp.cobalt.loc...
> Rex Ballard "contributed" in comp.os.linux.advocacy:
>
>> Windows 7 hacked in 2 minutes - Twice
>
> It wasn't hacked -twice-, he just took 2 vulnerabilities to speed up the
> hack. If he only took one vulnerability, it would take up to 55 minutes to
> achieve his goal. At least, the guy is Dutch.
> ;-)
>
>
I bet he could crack *any* Linux distro in 10 minutes!
http://bit.ly/dynxr5
poorly translated by Google
(According to security expert Charlie Miller)
[q]
Linux
Like previous years, Linux is the great absent again Pwn2Own during the
game. This has nothing to show that it is difficult to hack Linux. "It is
probably easier, although this does depend on the Linux version you are
talking about," says Miller. The reason Linux is not taking part because few
people on the desktop. In addition there are the leaks in the browser and
running on *both* Windows and *Linux* .
[/q]
Let's wait for COLA cretin nr. 1 & self anointed "security expert", Peter
Kohlkopf, to deny what the *real* expert said.
<chuckle>
--
How to write a Linux virus in 5 easy steps
http://www.geekzone.co.nz/blog.asp?postid=6229
Clogwog, 3/25/2010 9:11:17 PM

On Mar 25, 5:11 pm, "Clogwog" <BWAHAHAH...@BWAHAHAHAAA.LOL> wrote:
> "John Holmes" <nospam.13i...@gmail.com> wrote in message news:201003252031.o2PKVvD14621@smtp.cobalt.loc...
> > Rex Ballard "contributed" in comp.os.linux.advocacy:
> >> Windows 7 hacked in 2 minutes - Twice
> > It wasn't hacked -twice-, he just took 2 vulnerabilities to speed up the
> > hack. If he only took one vulnerability, it would take up to 55 minutes to
> > achieve his goal. At least, the guy is Dutch.
> > ;-)
I thought two different people won awards and laptops for pwning -
maybe I misread.
> I bet he could crack *any* Linux distro in 10 minutes!
I'd like to see him try. Anyone can SAY they can do something.
Actually DOING it is harder.
> http://bit.ly/dynxr5
> poorly translated by Google
> (According to security expert Charlie Miller)
> [q]
> Linux
> Like previous years, Linux is the great absent again Pwn2Own during the
> game. This has nothing to show that it is difficult to hack Linux.
Actually, it proves nothing either way. For whatever reason, the
sponsors of the contest didn't want to risk their laptops to Linux.
Never mind that millions of Linux and UNIX servers risk far more than
the cost of a laptop. Many *nix systems process millions of dollars
per minute, some even millions of dollars per second. A successful
hack would be catastrophic - it would make headlines - it would
probably also result in federal prosecution.
> "It is
> probably easier, although this does depend on the Linux version you are
> talking about," says Miller.
So he really doesn't know one way or the other.
> The reason Linux is not taking part because few
> people on the desktop.
Or because the sponsors didn't want Linux to be there - and survive.
Microsoft was really hoping they would do much better.
After all, last year, a Mac was hacked in 8 seconds.
Made Vista look pretty good - for a few days anyway.
If Linux did as well as Chrome, and lasted through the first whole
day, that would be really embarrassing for BOTH Microsoft and Apple.
> In addition there are the leaks in the browser and
> running on *both* Windows and *Linux* .
> [/q]
The one that I can think of is signed Java applets. The browser could
run one of those and it would get out of the JVM "sand-box" - but it
would only be able to muck with the user's home directory.
> Let's wait for COLA cretin nr. 1 & self anointed "security expert", Peter
> Kohlkopf, to deny what the *real* expert said.
> <chuckle>
Actually, the real expert said he didn't know.
He THINKS it MIGHT be easy to gain root access and control of a Linux
system because it runs FireFox. He didn't say he was willing to
demonstrate in front of the reporter.
> How to write a Linux virus in 5 easy steps
> http://www.geekzone.co.nz/blog.asp?postid=6229
Rex Ballard
http://www.open4success.org
Rex, 3/25/2010 10:25:10 PM

Clogwog "contributed" in comp.os.linux.advocacy:
> "John Holmes" <nospam.13inch@gmail.com> wrote in message
> news:201003252031.o2PKVvD14621@smtp.cobalt.loc...
>> Rex Ballard "contributed" in comp.os.linux.advocacy:
>>
>>> Windows 7 hacked in 2 minutes - Twice
>>
>> It wasn't hacked -twice-, he just took 2 vulnerabilities to speed up
>> the hack. If he only took one vulnerability, it would take up to 55
>> minutes to achieve his goal. At least, the guy is Dutch.
>> ;-)
>>
>>
>
> I bet he could crack *any* Linux distro in 10 minutes!
> http://bit.ly/dynxr5
> poorly translated by Google
> (According to security expert Charlie Miller)
> [q]
> Linux
> Like previous years, Linux is the great absent again Pwn2Own during
> the game. This has nothing to show that it is difficult to hack Linux.
> "It is probably easier, although this does depend on the Linux version
> you are talking about," says Miller. The reason Linux is not taking
> part because few people on the desktop. In addition there are the
> leaks in the browser and running on *both* Windows and *Linux* .
> [/q]
>
> Let's wait for COLA cretin nr. 1 & self anointed "security expert",
> Peter Kohlkopf, to deny what the *real* expert said.
> <chuckle>
> --
> How to write a Linux virus in 5 easy steps
> http://www.geekzone.co.nz/blog.asp?postid=6229
>
How to hack Linux? Easy. Boot the computer from a Win XP CD and format
the fucking HD.
Done. Easy as shit.
--
<snip>
John, 3/25/2010 10:32:10 PM

Rex Ballard wrote:
> On Mar 25, 2:58 pm, "Clogwog" <BWAHAHAH...@BWAHAHAHAAA.LOL> wrote:
>> "Rex Ballard" <rex.ball...@gmail.com> wrote in message news:7e93d335-e195-4425-9fec-532763abf83c@i25g2000yqm.googlegroups.com...
>
>
>>> I didn't see any mention of successful Linux pwns
>
>> No obviously not, there was simply no Linux system at Pwn2Own http://bit.ly/dynxr5
>> (poorly translated by Google)
>
> That explains why it was not mentioned.
>
>> [q]
>> Linux
>> Like previous years, Linux is the great absent again Pwn2Own during the
>> game. This has nothing to show that it is difficult to hack Linux. "It is
>> probably easier, although this does depend on the Linux version you are
>> talking about," says Miller. The reason Linux is not taking part because few
>> people on the desktop. In addition there are the leaks in the browser and
>> running on both Windows and Linux.
>> [/q]
>
> I've heard this claim numerous times, yet I have yet to see someone
> successfully pwn a properly configured Linux system.
>
> I suppose it couldn't be that difficult, since someone cracked the Mac
> in 8 seconds last year. What did Apple do, set the root password to
> root or something?
>
They may have done so.
The really odd thing is that in 6 years I've yet to get hit by any kind
of malware. I've seen social engineered tricks in getting you to
install some software, but then one had to do chmod +x file and then run
it. I've also not seen one virus hit my macs. Maybe I'm using the
wrong kind of bait.
Anyway, there is an article that shows that AV software on OS X causes a
lot of os problems and it isn't worth it.
Of course a while back, these same hackers never could gain entry to
VMS. And they've tried for three days with no luck.
GreyCloud, 3/26/2010 1:50:10 AM