If you can read this, either the style sheet didn't load or you have an older browser that doesn't support style sheets. Try clearing your browser cache and refreshing the page.

(Phys Org2)   Chrome OS thwarts attack attempts in Pwnium challenge, then takes all of hackers' personal info, offers delicious recipes for spam casserole and new college degrees   (phys.org) divider line 26
    More: Followup, Chrome OS, Pwnium, academic degrees, Pwnium challenge, spam, recipes, hackers, .info  
•       •       •

4887 clicks; posted to Geek » on 11 Mar 2013 at 9:27 AM (1 year ago)   |  Favorite    |   share:  Share on Twitter share via Email Share on Facebook   more»



26 Comments   (+0 »)
   
View Voting Results: Smartest and Funniest

Archived thread
 
2013-03-11 09:32:19 AM
And $3.1415 million, no less.  The OS must have really been airtight if that sort of bait was being dangled.
 
2013-03-11 09:34:10 AM
I'm not interested in anything nefarious or malicious, but I am curious...how does one go about learning how to do this kind of stuff?  Is there a Hacking 101 out there somewhere?
 
2013-03-11 09:35:53 AM

IntertubeUser: I'm not interested in anything nefarious or malicious, but I am curious...how does one go about learning how to do this kind of stuff?  Is there a Hacking 101 out there somewhere?


Pay no mind to that black van at the end of your street, or the helicopters....it's just a drill.
 
2013-03-11 09:43:28 AM

Lt. Cheese Weasel: IntertubeUser: I'm not interested in anything nefarious or malicious, but I am curious...how does one go about learning how to do this kind of stuff?  Is there a Hacking 101 out there somewhere?

Pay no mind to that black van at the end of your street, or the helicopters....it's just a drill.


Not sure why it wouldn't be worthwhile learning. I'd like to. You can't protect yourself from attacks, if you don't understand the tools and methods that hackers use.
 
2013-03-11 09:52:45 AM

IntertubeUser: I'm not interested in anything nefarious or malicious, but I am curious...how does one go about learning how to do this kind of stuff?  Is there a Hacking 101 out there somewhere?


Yup Sans has a pretty extensive list of courses that mostly covers using existing tricks and combos of them but also goes into details of how they work.  To compete in one of those pwnee type challenges though you'd have to be writing your own code and being awfully good at reverse engineering stuff, ie the learning behind that is your typical computer science degree and a healthy aptitude in a pretty wide set of disciplines within that.  Its one thing to write code, its another to read someone else's and figure out how to trick it into doing things they didn't intend.
 
2013-03-11 10:03:59 AM
Can you imagine if Microsoft ran one of these? It would look like an inner city gun buyback program.
 
2013-03-11 10:35:15 AM

enik: Can you imagine if Microsoft ran one of these? It would look like an inner city gun buyback program.


All the browsers running on Windows were compromised this year, however I'm curious why no one took on Safari on the Mac. Previous years, that was the first to go.
 
2013-03-11 10:38:05 AM

IntertubeUser: I'm not interested in anything nefarious or malicious, but I am curious...how does one go about learning how to do this kind of stuff?  Is there a Hacking 101 out there somewhere?


Aside from what BumpInTheNight mentioned, frankly trolling cve (http://cve.mitre.org/) and studying the examples given for the vulns isn't a bad thing to do either- specifically you can grab the package/versions w/ known vulnerabilities and try it out for yourself, to see how exactly it works, approach taken, etc.  In particular, it's a good way to see real world examples of how array bounding issues are abused (including bypassing of canaries in some select cases).

Frankly, what's fun about pwnium is chrome is a layered beast- so you wind up seeing some pretty fun chaining of standalone flaws; fun examples being  http://blog.chromium.org/2012/05/tale-of-two-pwnies-part-1.html  and  http://blog.chromium.org/2012/06/tale-of-two-pwnies-part-2.html  (14 separate issues involved to finally gain control).  The macguyverism involved there is pretty impressive.
 
2013-03-11 10:39:35 AM

Unoriginal_Username: Lt. Cheese Weasel: IntertubeUser: I'm not interested in anything nefarious or malicious, but I am curious...how does one go about learning how to do this kind of stuff?  Is there a Hacking 101 out there somewhere?

Pay no mind to that black van at the end of your street, or the helicopters....it's just a drill.

Not sure why it wouldn't be worthwhile learning. I'd like to. You can't protect yourself from attacks, if you don't understand the tools and methods that hackers use.


Exactly. Also, if you have skills of this level, your computer becomes a much more powerful tool. I spend hours each day in front of this machine (or another machine-my phone) and I understand so little about either.
 
2013-03-11 10:55:44 AM
I'm a little surprised that Pinkie Pie dude didn't win it again...I think he did it the last two years in a row.

Then again, no one won, so maybe it's just a really strong system this year.
 
2013-03-11 10:56:08 AM

IntertubeUser: I spend hours each day in front of this machine (or another machine-my phone) and I understand so little about either.


It's run by magic.  Little e-fairies zap to and fro in the wires and make all the magic happen.

Or so my users are prone to think.

/I think I need more CPU, my YouTube page isn't loading fast enough.
 
2013-03-11 11:47:12 AM

xanadian: IntertubeUser: I spend hours each day in front of this machine (or another machine-my phone) and I understand so little about either.

It's run by magic.  Little e-fairies zap to and fro in the wires and make all the magic happen.

Or so my users are prone to think.

/I think I need more CPU, my YouTube page isn't loading fast enough.


Sometimes the users can provide a little bit of humor while you're working on their latest fk up that lost everything.
Other times you wonder how they can function at all. It's a surprise that breating isn't a challenge for them.
 
2013-03-11 11:49:31 AM

unchellmatt: enik: Can you imagine if Microsoft ran one of these? It would look like an inner city gun buyback program.

All the browsers running on Windows were compromised this year, however I'm curious why no one took on Safari on the Mac. Previous years, that was the first to go.


Why bother? Mac users just pwn themselves without anyhelp.
 
2013-03-11 01:29:09 PM

unchellmatt: enik: Can you imagine if Microsoft ran one of these? It would look like an inner city gun buyback program.

All the browsers running on Windows were compromised this year, however I'm curious why no one took on Safari on the Mac. Previous years, that was the first to go.


Microsoft was bragging about how IE 10 is super-secure and just released Windows 8 without actually fixing any of their decades-old security flaws.

So it was easy money and amusing at the same time.
 
2013-03-11 02:00:00 PM
THIS JUST IN: OS NO ONE USES RECEIVES LITTLE SECURITY SCRUTINY!
 
2013-03-11 03:20:42 PM

WayToBlue: THIS JUST IN: OS NO ONE USES RECEIVES LITTLE SECURITY SCRUTINY!


way to miss the point
 
2013-03-11 04:21:02 PM

WayToBlue: THIS JUST IN: OS NO ONE USES RECEIVES LITTLE SECURITY SCRUTINY!


Meanwhile Mac OS, another OS no one uses, has absolutely no security.
 
2013-03-11 05:28:05 PM
The Bestest

WayToBlue: THIS JUST IN: OS NO ONE USES RECEIVES LITTLE SECURITY SCRUTINY!

way to miss the point


Way to miss the joke. But don't kid yourself, a bounty like this does not put it on equal scrutiny footing with a platform like windows which has been heavily analyzed for decades.
 
2013-03-11 05:31:01 PM
Bullseyed

WayToBlue: THIS JUST IN: OS NO ONE USES RECEIVES LITTLE SECURITY SCRUTINY!

Meanwhile Mac OS, another OS no one uses, has absolutely no security.


? Care to expand, it's not clear to me what you're trying to say. OS X certainly has a much larger share than chromium, and it has reasonable security but has its own issues of course.
 
2013-03-11 06:45:47 PM

WayToBlue: Bullseyed

WayToBlue: THIS JUST IN: OS NO ONE USES RECEIVES LITTLE SECURITY SCRUTINY!

Meanwhile Mac OS, another OS no one uses, has absolutely no security.

? Care to expand, it's not clear to me what you're trying to say. OS X certainly has a much larger share than chromium, and it has reasonable security but has its own issues of course.


Because MAC users don't matter. They're toys and no one cares about them.
 
2013-03-11 08:04:26 PM
illegal.tender

WayToBlue: Bullseyed

WayToBlue: THIS JUST IN: OS NO ONE USES RECEIVES LITTLE SECURITY SCRUTINY!

Meanwhile Mac OS, another OS no one uses, has absolutely no security.

? Care to expand, it's not clear to me what you're trying to say. OS X certainly has a much larger share than chromium, and it has reasonable security but has its own issues of course.

Because MAC users don't matter. They're toys and no one cares about them.


Is the mis-captilization part of the joke?
 
2013-03-11 11:26:03 PM

xanadian: IntertubeUser: I spend hours each day in front of this machine (or another machine-my phone) and I understand so little about either.

It's run by magic.  Little e-fairies zap to and fro in the wires and make all the magic happen.

Or so my users are prone to think.

/I think I need more CPU, my YouTube page isn't loading fast enough.


Yeah I'm unfortunately the go to tech guy in the family and I have had to explain multiple times that even though the computer is brand new and the tubes are big, that video still won't load if the website BLOWS.

/Come back down Firefox is being slow again.
 
2013-03-12 01:04:14 AM

illegal.tender: WayToBlue: Bullseyed

WayToBlue: THIS JUST IN: OS NO ONE USES RECEIVES LITTLE SECURITY SCRUTINY!

Meanwhile Mac OS, another OS no one uses, has absolutely no security.

? Care to expand, it's not clear to me what you're trying to say. OS X certainly has a much larger share than chromium, and it has reasonable security but has its own issues of course.

Because MAC users don't matter. They're toys and no one cares about them.


I don't know, for quite a few years I just used Macs. Recently bought a new, non-Mac computer, and I'm pretty sure this whole Windows 8 thing was thought up by an MBA with autism. It took me about ten minutes to figure out how to shut the farking thing down, and that was basically just an accident.

/Contemplating an attempt at putting Ubuntu on this thing.
 
2013-03-12 01:43:15 AM

IntertubeUser: I'm not interested in anything nefarious or malicious, but I am curious...how does one go about learning how to do this kind of stuff?  Is there a Hacking 101 out there somewhere?


If you've just got a background in computer science, a lot of spare time and money on your hands, and enjoy reverse engineering, it's not really rocket science to find exploits.  It's typically more a statistical process than anything, both exploiters and the people trying to counter them basically do what this contest does, make some educated guesses, stick an example of their target on a local network, then throw things at it until it breaks of demonstrates it's compromised.

Eps05: Yeah I'm unfortunately the go to tech guy in the family and I have had to explain multiple times that even though the computer is brand new and the tubes are big, that video still won't load if the website BLOWS.

/Come back down Firefox is being slow again.


Make them pay you in food and/or beer, like the usual "come help me with my computer and then stay for dinner" deal you'd get when you were a teenager.
 
2013-03-12 11:10:25 AM

Bullseyed: WayToBlue: THIS JUST IN: OS NO ONE USES RECEIVES LITTLE SECURITY SCRUTINY!

Meanwhile Mac OS, another OS no one uses, has absolutely no security.


Meh, OS X has a ~10% share which is actually a fair amount when you consider the size of the worldwide computing market, about 4 x- 5x more than Linux, and probably 36626373x higher share than Chrome OS.
 
2013-03-12 11:12:08 AM
Also, if you think OS X has "no security" you're just a fanboy or very misinformed. But please, prove me wrong and go make buku cash as a security researcher ;-)
 
Displayed 26 of 26 comments

View Voting Results: Smartest and Funniest


This thread is closed to new comments.

Continue Farking
Submit a Link »






Report