SoylentNews is people
SoylentNews
The annual Pwn2Own hacking competition wrapped up its 2015 event in Vancouver with another banner year, paying $442,000 for 21 critical bugs in all four major browsers, as well as Windows, Adobe Flash, and Adobe Reader.
The crowning achievement came Thursday as contestant Jung Hoon Lee, aka lokihardt, demonstrated an exploit that felled both the stable and beta versions of Chrome, the Google-developed browser that's famously hard to compromise. His hack started with a buffer overflow race condition in Chrome. To allow that attack to break past anti-exploit mechanisms such as the sandbox and address space layout randomization, it also targeted an information leak and a race condition in two Windows kernel drivers, an impressive feat that allowed the exploit to achieve full System access.
(Score: 5, Interesting) by CirclesInSand on Sunday March 22 2015, @02:21AM
It's not the code that matters (for security) as much as the side effects. It doesn't bother me so much that generalized program commands are running, it's the access that they have that is frightening. Popup windows, execute on close, microphone/camera integration, that's just a start. Combine that with plugin privileges being all-or-nothing rather than well defined and itemized, it's not the turing completeness that matters; it's the security that was decided by sellouts to advertisers and con artists.