test
Here’s What is New in iOS 4.2 for iPhone, iPad and iPod touch [Features]Earlier this week, Apple announced the much awaited iOS 4.2 update for the iPad. It brings tons of new features to iPad like Multitasking
Few days ago we reported about a new USB Modchip called PS Jailbreak for PlayStation 3 which enables you to dump games off original discs on the internal or any external drive connected to PS3
How to Downgrade iOS 4.2 to 4.1 / 4.0.2 / 4.0.1 on iPhone 4, 3GS, 3G and iPadiOS 4.2 was released earlier today. Just like iOS 4.1 and iOS 4.0.2, the new iOS 4.2 at the moment is not jailbreakable.
Android 2.2 Froyo for HTC EVO 4G is Now Officially Available for DownloadTC has finally rolled out Android 2.2 Froyo for HTC EVO 4G on Sprint. The image is available as direct download from HTC’s website. Here is the official description from Sprint
It’s here! Download Internet Explorer 9 Now !Microsoft has finally taken the wraps off its shiny new web browser: Internet Explorer 9. The beta version of IE 9 is now available for download for users running both 32 and 64-bit versions of Windows 7 and Vista.
BlackBerry Torch reviewWhen we began our review of the BlackBerry Torch (aka the Bold 9800), our hearts were all aflutter. The leaked shots we'd been seeing of some kind of Palm Pre-esque RIM slider
Epic 4G reviewOf the seemingly countless variants of the Galaxy S that Samsung's in the process of deploying around the globe, one stands out in a couple very unique (and important) ways: Sprint's Epic 4G
You Can Now Run Windows 7 and Linux on iPhone, iPod touch and iPad, Sort of.While you won’t be ever able to run a full-blown modern desktop OS like Windows or Linux on your iOS gadget anytime soon, but with virtual-machining software Parallels Desktop for Mac
Apple Releases New iPod touch 4G and iPod nano 6G Ads [Video]Earlier today, Apple overhauled the entire iPod lineup for fall 2010, bringing iPhone 4
Download Limera1n to Jailbreak iOS 4.1 on iPhone 4, 3GS, iPad, iPod touch 4GIts here folks! and its real!! Geohot is back big time with limera1n jailbreak for all iOS devices including: iPhone 4, iPhone 3GS, iPad, iPod touch 4G / 3G / 2G, untethered running iOS 4.1.
PwnageTool 4.1 for Jailbreaking Apple TV 2G, iPhone 4, iPad and iPod touch 4G Now Available for DownloadThe iPhone Dev Team has finally released PwnageTool 4.1 which is based on recently releasedLimera1n Geohot’s bootrom-based exploit.
Shocking! Apple Approves BitTorrent App for iPhone and iPod touch !After Apple relaxed its App Store restrictions, the first of apps that benefitted from this were Google Voice clients (like GV Connect and GV Mobile+)
Dutch researcher bypasses DEP, ASLR to bring down Microsoft's browser.
Two researchers yesterday won $10,000 each at the Pwn2Own hacking contest by bypassing important security measures of Windows 7.
Both Peter Vreugdenhil of the Netherlands and a German researcher who would only identify himself by the first name Nils found ways to disable DEP (data execution prevention) and ASLR (address space layout randomization), which are two of Windows 7's most vaunted anti-exploit features. Each contestant faced down the fully-patched 64-bit version of Windows 7 and came out a winner.
Vreugdenhil used a two-exploit combination to circumvent first ASLR and then DEP to successfully hack IE8. A half-hour later, Nils bypassed the same defensive mechanisms to exploit Mozilla's Firefox 3.6. For their efforts, each was awarded the notebook they attacked, $10,000 in cash and a paid trip to the DefCon hackers conference in Las Vegas this July.
"Every exploit today has been top-notch," said Aaron Portnoy, security research team lead at 3Com's TippingPoint security unit, the sponsor of the contest, in an interview at the end of the day Wednesday. "The one on IE8 was particularly impressive."
Vreugdenhil, a freelance vulnerability researcher, explained how he bypassed DEP and ASLR. To outwit ASLR -- which randomly shuffles the positions of key memory areas to make it much more difficult for hackers to predict whether their attack code will actually run -- Vreugdenhil used a heap overflow vulnerability that allowed him to obtain the base address of a .dll module that IE8 loads into memory. He then used that to run his DEP-skirting exploit.
DEP, which Microsoft introduced in 2004 with Windows XP Service Pack 2, prevents malicious code from executing in sections of memory not intended for code execution and is a defense against, among other things, buffer-overflow attacks.
"[The exploit] reuses Microsoft's own code to disable DEP," said Vreugdenhil. "You can reuse Microsoft's own code to disable memory protection."
In a paper he published today (download PDF), Vreugdenhil spelled out in more detail how he evaded both ASLR and DEP.
"It was a two-step exploitation," Vreugdenhil said of the unusual attack. "I could have done it with one, but it would have taken too long." Using the double-exploit technique gave him control of the machine in a little over two minutes; if he had used only one exploit, the task would have required 50 to 60 minutes.
"I didn't know how much time I would have at Pwn2Own," he said, referring to the constraints of the contest, where hackers had limited time slots. And he didn't want to bore his audience. "I put some eye candy in the exploit," he said, referring to a progress bar he inserted that read "Please be patient while you are being exploited..."
"It feels great," said Vreugdenhil of winning. "But I was nervous. I was convinced that there would be other exploits for IE8." This year's Pwn2Own was a first-come, first-served contest: The first researcher to hack each browser would win $10,000, but the second would take home nothing.
Nils also sidestepped DEP and ASLR in Windows 7 when he exploited the newest version of Firefox later in the day. Like Vreugdenhil, Nils also was awarded the notebook and $10,000. This was Nils' second Pwn2Own victory; last year he grabbed $15,000 by exploiting not only Firefox, but also Safari and IE8.
"As usual, Nils' exploit was very thorough," said TippingPoint's Portnoy, who is the organizer of the Pwn2Own contest.
TippingPoint purchased the rights to the flaws and attack code from Vreugdenhil, Nils and the other Pwn2Own winners. It will turn over that information to Microsoft, Mozilla and other affected vendors on Friday at the conclusion of the contest. Until vendors patch their vulnerabilities, TippingPoint will not disclose any technical information about the bugs.
Both Microsoft Corp. and Mozilla Corp. had representatives on hand during the contest.
Later, Jerry Bryant, a senior manager with the Microsoft Security Research Center (MSRC) acknowledged the vulnerabilities exploited by Vreugdenhil, but little else. "Microsoft is aware of a new vulnerability in Internet Explorer introduced at CanSecWest in the Pwn2own contest," Bryant said in an e-mail Wednesday. "We are investigating the issue and we will take appropriate steps to protect customers when the investigation is complete."
Bryant did not say when Microsoft would patch the flaws Vreugdenhil used. The company's next scheduled Patch Tuesday is April 13, but Microsoft typically takes much longer to produce its fixes, with testing time alone often running 30 to 60 days.
The lesson from this year's Pwn2Own is pretty simple, suggested Charlie Miller, another of Wednesday's winners. "What you can see at Pwn2Own is that bugs are still in software, and exploit mitigations like DEP and ASLR don't work. Even as [defensive measures] improve, researchers still end up winning."
(from internet)
blog comments powered by Disqus
