Hackers exploited the 3 major browsers on day one of Pwn2Own. As expected, IE8, Firefox and Safari were all penetrated within minutes of the competition starting.
Most impressively, Peter Vreugdenhil was able to exploit a vulnerability in IE8 on Windows 7, allowing him to bypass the operating system's DEP (Data Execution Prevention) security mechanism designed to stop this sort of attack. Vreugdenhil, a first-time Pwn2Own participant, earned a $10,000 prize for his efforts.
The only browser left standing after day one was Google Chrome.
Torrents of Microsoft COFEE have been springing up everywhere and the hype is ridiculous. Obviously, it’s illegal to pirate software. Furthermore, the EULA for this particular software limits its use to law enforcement officials only. Other than that, most everything else you’ve heard about this stuff is false.
COFEE, or Computer Online Forensic Evidence Extractor, is a set of tools and a GUI that Microsoft has created to assist undereducated law enforcement officials with basic computer forensics.
An officer with even minimal computer experience can be tutored—in less than 10 minutes—to use a pre-configured COFEE device.
This is not some wild, as-seen-on-tv, NSA creation. It’s just a compilation of tools (about 150 or so) for information and evidence gathering. A rootkit and some automation. Most everything included with COFEE is available, in some form, all over the internet.
The fine folks over at WordPress just released what they’re calling a “hardening” upgrade. Version 2.8.5 doesn’t have any new features, just some code improvements to make sure your WP site stays safe…
As you know over the past couple of months we have been working on the new features for WordPress 2.9. We have also been working on trying to make WordPress as secure as possible and during this process we have identified a number of security hardening changes that we thought were worth back-porting to the 2.8 branch so as to get these improvements out there and make all your sites as secure as possible.
Microsoft is releasing 13 updates (of which 8 have been deemed “critical”) and Adobe will be releasing an update to plug a zero-day flaw that’s now being actively exploited.
Bruce Schneier lays out exactly what I’ve been thinking about last week’s cyber attacks allegedly attributed to N. Korea. The first commenter nails it on the head when he says that big media will run with stories like these just to sensationalize for the sake of ratings. QFT:
Securing our networks doesn’t require some secret advanced NSA technology. It’s the boring network security administration stuff we already know how to do: keep your patches up to date, install good anti-malware software, correctly configure your firewalls and intrusion-detection systems, monitor your networks.