Navigation

Language Selection

Search

Pwn2Own: Chrome, Android, Firefox own; Safari, IE8, iOS, BB get pwned

Submitted by srlinuxx on Saturday 12th of March 2011 03:24:00 AM Filed under

Two days into the Pwn2Own hacking challenge, only a few still remain.

So far, hackers have not been able to exploit Mozilla Firefox 3.6, Google Chrome, and the mobile Android OS.

Victims of the contest include Internet Explorer 8, Apple Safari 5, iOS 4 and BlackBerry.

rest here

Login or register to post comments
Printer-friendly version
2377 reads
PDF version

More in Tux Machines

OSS Conferences and Funding

Request Travel Support for openSUSE Conference 2018

The Travel Support Program (TSP) provides travel sponsorships to openSUSE community who want to attend the openSUSE conference and need financial assistance. The openSUSE conference 2018 will be in Prague, Czech Republic from May 25 to May 27. The goal of the TSP is to help everybody in and around openSUSE to be able to attend the openSUSE Conference!
Open Source Summit Japan + Automotive Linux Summit Speakers and Agenda Announced [Ed: "Senior Software Engineer, Microsoft" so another Linux event... featuring Microsoft]
Percona Delivers First, Free, Open Source Method of Centralized Key Management for MySQL
Celebrate the WordPress 15th Anniversary on May 27

May 27, 2018 is the 15th anniversary of the first WordPress release — and we can’t wait to celebrate!
Outreachy Announces Summer 2018 Participants

Following Google announcing their GSoC 2018 participants, the Outreachy program to help support women and other under-represented groups in tech announced their summer 2018 interns.
The Most Interesting Google GSoC 2018 Projects: QEMU Vulkan, Virtual KMS, Nautilus GTK4

Google has announced the accepted student projects for this year's Google Summer of Code. As usual, there is an interesting mix of open-source software projects across the hundreds (or rather thousands) of applicants. Here's a look at the most interesting initiatives we found when going through the list.

Mozilla: Rust, Security, Things Gateway, Firefox and More

Rust pattern: Precise closure capture clauses

This is the second in a series of posts about Rust compiler errors. Each one will talk about a particular error that I got recently and try to explain (a) why I am getting it and (b) how I fixed it. The purpose of this series of posts is partly to explain Rust, but partly just to gain data for myself. I may also write posts about errors I’m not getting – basically places where I anticipated an error, and used a pattern to avoid it. I hope that after writing enough of these posts, I or others will be able to synthesize some of these facts to make intermediate Rust material, or perhaps to improve the language itself.
This Week in Rust
Mozilla publishes recommendations on government vulnerability disclosure in Europe

As we’ve argued on many occasions, effective government vulnerability disclosure (GVD) review processes can greatly enhance cybersecurity for governments, citizens, and companies, and help mitigate risk in an ever-broadening cyber threat landscape. In Europe, the EU is currently discussing a new legislative proposal to enhance cybersecurity across the bloc, the so-called ‘EU Cybersecurity Act’. In that context, we’ve just published our policy recommendations for lawmakers, in which we call on the EU to seize the opportunity to set a global policy norm for government vulnerability disclosure.
Testing Strategies for React and Redux
K Lars Lohn: Things Gateway - a Virtual Weather Station
Firefox DevEdition 60 Beta 14 Testday Results

As you may already know, last Friday – April 20th – we held a new Testday event, for Firefox DevEdition 60 Beta 14. Thank you all for helping us make Mozilla a better place: gaby2300, micde, Jarrod Michell, Thomas Brooks.
Supporting Same-Site Cookies in Firefox 60

Firefox 60 will introduce support for the same-site cookie attribute, which allows developers to gain more control over cookies. Since browsers will include cookies with every request to a website, most sites rely on this mechanism to determine whether users are logged in. Attackers can abuse the fact that cookies are automatically sent with every request to force a user to perform unwanted actions on the site where they are currently logged in. Such attacks, known as cross-site request forgeries (CSRF), allow attackers who control third-party code to perform fraudulent actions on the user’s behalf. Unfortunately current web architecture does not allow web applications to reliably distinguish between actions initiated by the user and those that are initiated by any of the third-party gadgets or scripts that they rely on.
Enterprise Policy Support in Firefox

Last year, Mozilla ran a survey to find out top enterprise requirements for Firefox. Policy management (especially Windows Group Policy) was at the top of that list. For the past few months we’ve been working to build that support into Firefox in the form of a policy engine. The policy engine adds desktop configuration and customization features for enterprise users to Firefox. It works with any tool that wants to set policies including Windows Group Policy.
any.js

Thanks to Ms2ger web-platform-tests is now even more awesome (not in the American sense). To avoid writing HTML boilerplate, web-platform-tests supports .window.js, .worker.js, and .any.js resources, for writing JavaScript that needs to run in a window, dedicated worker, or both at once. I very much recommend using these resource formats as they ease writing and reviewing tests and ensure APIs get tested across globals.
Alex Gibson: My fifth year working at Mozilla

Today marks my fifth year working for Mozilla! This past year has been both fun and frantic, and overall was a really good year for both Mozilla and Firefox. Here’s a run down a few of the things I got to work on.

Fedora Workstation 28 Coming Soon

Warming up for Fedora Workstation 28

Been some time now since my last update on what is happening in Fedora Workstation and with current plans to release Fedora Workstation 28 in early May I thought this could be a good time to write something. As usual this is just a small subset of what the team has been doing and I always end up feeling a bit bad for not talking about the avalanche of general fixes and improvements the team adds to each release.
Fedora Workstation 28 Is Shaping Up To Be Another Terrific Update

Fedora Workstation 28 is shaping up to be another compelling update for those that are fans of this bleeding-edge Red Hat sponsored Linux distribution. I've been running Fedora Workstation 28 snapshots on a few laptops and test machines here and am quite happy with how it's shaped up as another Fedora release that delivers not only the latest features, but doing so in a seemingly sane and stable manner: I haven't encountered any problems unlike some of the past notorious Fedora releases from years ago. Overall, I am quite excited for next month's Fedora 28 release and will be upgrading my main production system to it.

Android Leftovers

Latest News

What's New in Ubuntu 18.04 LTS Bionic Beaver

Have a look at the new features coming to Ubuntu 18.04 LTS.

today's leftovers

Google looks set to offer Linux on Chromebooks in the next few months

If that wasn't enough, a new commit in the parent Chromium OS offers "new device policy to allow Linux VMs on Chrome OS." Which about seals it. Read the accompanying Gerrit documentation and you get further confirmation: "At this time, in order for Linux VMs to run, the Finch experiment also needs to be enabled. After this feature is fully launched, the Finch control logic will be removed."
xorg-server 1.19.99.905

More bugfixes, and streams support for Xwayland. This will almost certainly be the last RC.
X.Org Server 1.20 RC5 Released, Adds EGLStreams To Let NVIDIA Work With XWayland

Adam Jackson of Red Hat today announced the X.Org Server 1.20 Release Candidate 5, which he believes will be the last test release before going gold. Most excitingly about this new release candidate is the merged support for allowing the NVIDIA proprietary driver to work with XWayland.
Darktable Receives Support for Fujifilm X-H1 and Sony Alpha A7 Mark III Cameras

darktable, the open-source and cross-platform RAW image editor supporting GNU/Linux, macOS, and Windows operating systems, has been updated today to version 2.4.3. darktable 2.4.3 is a maintenance update that brings support for new digital cameras, including the recently released Fujifilm X-H1 and Sony Alpha A7 Mark III (includes noise profiles and white balance presets), as well as the Kodak EOS DCS 3, Olympus PEN E-PL9, Panasonic Lumix DC-GX9, and Sony Cyber-shot DSC-RX1R II cameras. The update also brings noise profiles for the Canon PowerShot G1 X Mark III and Nikon D7500 digital cameras, and a bunch of new features like support for ratings and tags in the watermark module, a script to help users convert .dtyle files to the .xmp format, and support for building and installing noise tools.
Compact action-RPG 'The Swords of Ditto' is out with day-1 Linux support

The Swords of Ditto is the new compact action-RPG from developer onebitbeyond and publisher Devolver Digital and it just released, although it has a big flaw right now on Linux. Sadly, Devolver Digital didn't respond to our review request. Thankfully, the Linux heroes over at GOG sent over a copy for me.
Q4OS Centaurus 3.2 - new testing release

A new updated image of the Q4OS Centaurus testing live media has been just released, its core is based on the latest Debian Buster testing and Trinity Desktop 14.0.5 testing versions.
Ubuntu Touch lives on in Purism's Librem 5 smartphone

Not quite five years ago, Canonical tried to challenge Apple iOS and Google Android with Ubuntu Touch, an alternative smartphone Linux. Users, phone carriers, and the open-source community failed to support it, so Ubuntu founder Mark Shuttleworth closed the door on Ubuntu Touch development. But, in open source, programs don't die until its last developer gives up on it. Purism and UBports have partnered to offer Ubuntu Touch on Purism's Librem 5 smartphone.
Saying Something in April 2018

Being able to bang on (that is to say, percussively test) Bionic Beaver has been a blast. I haven't done ISO testing this round. Instead, I've been using my Xubuntu desktop daily watching things break and have been watching apport file bugs. Doing so makes me realize that, frankly, I am not normal in terms of installed packages or workflow. I have quite a bit of LaTeX installed due to church work. I have many ham radio-related things installed. Audio production and video production packages are installed too. Yes, sometimes I break down and even use LibreOffice. I don't have the whole package archive installed but I have a visible chunk of it in place as I use many things in many ways.
“Unpatchable” Nintendo Switch Bug Lets Hackers Fullfill Their Wild Dreams
Spectral Monitoring for Drone Defense Applications

The USRP Embedded Series platform uses the OpenEmbedded framework to create custom Linux distributions tailored to application specific needs. The default operating system is pre-installed with the UHD software API and a variety of third party development tools such as GNU Radio. Support for the RFNoC FPGA development framework enables deterministic computations for real-time and wideband signal processing.
How To Make Your Phone Look Like Android P
Friday Free Software Directory IRC meetup time: April 27th starting at 12:00 p.m. EDT/16:00 UTC
PyRoMine uses NSA exploits to mine Monero and disable security features [Ed: NSA back doors in Microsoft Windows is a gift that keeps giving... to crackers]

In an age where cryptomining software is beating out ransomware as the go-to for most hackers, a Python-based Monero miner is using stolen NSA exploits to gain an edge. In 2016 the Shadow Brokers leaked several hacking tools and zero-day exploits including ETERNALBLUE and ETERNALROMANCE that targeted versions of Windows XP/Vista/8.1/7/10 and Windows Server 2003/2008/2012/2016 and took advantage of CVE-2017-0144 and CVE-2017-0145. Fortinet researchers spotted a malware dubbed “PyRoMine” which uses the ETERNALROMANCE exploit to spread to vulnerable Windows machines, according to an April 24 blog post. The malware isn't the first to mine cryptocurrency that uses previously leaked NSA exploits the malware is still a threat as it leaves machines vulnerable to future attacks because it starts RDP services and disables security services.

today's howtos

Syndication & Social Media

Follow the site via RSS/Twitter.

Full RSS:

RSS feeds for particular topics are also available

Twitter:

Content (where original) is available under CC-BY-SA, copyrighted by original author/s.

Tux Machines is proud to be hosted by

Support Tux Machines

Help Support TM
Wall of Appreciation

Linux Gizmos

Linux Today

LinuxSecurity.com Advisories

More on Tux Machines: About ● Gallery ● Forum ● Blogs ● Search ● News ● RSS Feed

Part of Bytes Media ● Sister sites below.

Linux.com

DW Latest Releases

Phoronix

Content available under CC-BY-SA

Navigation

Language Selection

Search

Tux Machines Section/s

Authors Information

DistroWatch

LWN

LXer

OpenSource.com

Active forum topics