exploits « WordPress.com Tag Feed

She Poses

texpatstarling — Thu, 11 Apr 2013 16:04:39 +0000

Who’s a pretty baby? You are! Yes, you are. Meet Dylan – three months new. She was compl

The Shodan Search Engine IS a Bit Scary

Martha Sperry — Tue, 09 Apr 2013 18:54:37 +0000

But it may be indicative of the lurking loss of privacy and security we seem to freely exchange for the convenience of connectivity.

There are search engines out there specializing in all sorts of online information. I have highlighted some here, for example search tools that delve into the deep web. Shodan is different. Shodan searches for devices connected to the Web. Like servers. Printers. Routers. Webcams. Security cameras. Control systems for water parks. Really? Yup, really. And it can see what is secured out there and what is unsecured. From a CNN Money article that ran the rounds yesterday:

A quick search for “default password” reveals countless printers, servers and system control devices that use “admin” as their user name and “1234″ as their password. Many more connected systems require no credentials at all — all you need is a Web browser to connect to them.

Search parameters include location by city or county, latitude or longitude. Or search by hostname, operating system or IP address. It also allows you to export your search results by XML, so you can take it with you, with the IP and physical location associated with the result. And, if you don’t want to do the heavy lifting, let some other ~~hackers~~ users do the work for you with shared searches.

Even scarier, use Shodan Exploits to search for known vulnerabilities and exploits lurking out there.

I can hear you now – “Oh.Em.Gee. How long has this been out there?” Three years. When you search one of their shared searches for, say, video web servers, you will see results from 2010 forward. Shodan is celebrating its three year anniversary with a decent flurry of press activity. Great. Now more ~~hackers~~ users will know about this means of tapping stuff.

I totally understand that being fore-warned is to be fore-armed, and that the principle purpose of this is to enhance security rather than shake up that fragile concept, but my pessimistic self can’t help but consider all the nefarious uses such a tool could promote. It is all great if device owners take heed and actually start securing these devices. FWIW, SHODAN (Sentient Hyper-Optimized Data Access Network) apparently is a name used for a fictional AI antagonist in the cyberpunk action role-playing video games System Shock and System Shock 2. Take from that what you may/will.

Shodan invites you to register using your social logins, but I had no problem running some searches without registering. Check it out. And be chilled.

Hacks and Scripts for Path of Exile

guildwars2freebot — Tue, 09 Apr 2013 16:36:38 +0000

There are many ways to make your game play in Path of Exile a lot easier: Auto hotkey scripts, bots, auto potion bots, auto looting, auto selling and lots of other functions that very simple and easy to use programs can do for you. On HackerBot.net you will find a section dedicated to PoE hacks, bots and the sharing of those and the knowledge that goes with owning and using these kinds of workarounds.

If you are interested in contributing or downloading these tools to help you to be one of the best players in all of Path of Exile, then join our community now and start sharing and leeching our software and be the best player you can be today.

Path of Exile – PoE Hacks on HackerBot

Guild Wars 2 bots & hacks

guildwars2freebot — Tue, 09 Apr 2013 16:30:36 +0000

If you are in desperate need of a way to get more gold, experience and crafting materials in Guild Wars 2, then you should check our our Guild Wars 2 section on Hackerbot.net.

HackerBot is a community of cheaters, coders and hackers that are working together to share knowledge and exploits to use in our favorite MMOs and other online and offline games.

Visit our Guild Wars 2 bots and hacks section now.

The Elder Scrolls Online

hackerbotnet — Mon, 08 Apr 2013 12:26:58 +0000

Looking for Cheats to use in TESO? HackerBot.net has a whole section dedicated to posting and downloading hacks and bots to use in The Elder Scrolls Online and also sharing information on how to use exploits and other means of getting around the rules. If you are a talented coder, are in possession of working scripts or simply want to download some working hacks, then sign up to our forum and be a part of our very active and attractive game hacking community.

The Elder Scrolls Online Hacks and Bots section on HackerBot.net

90 Seconds on The Verge: Daft Punk, Apple exploits, and T-Mobile

f410767 — Sun, 31 Mar 2013 11:09:28 +0000

AppId is over the quota
AppId is over the quota
By Ross Miller on March 25, 2013 06:17 pm @ohnorosco

Don’t miss any stories Follow The Verge

Remote Area Medical. Royal Academy of Music. Restaurant Association of Maryland. Rolling Airframe Missile. Reverse Annuity Mortgage. Read and Modify. Royal Australian Mint. Royal Arch Mason. Responsibility Assignment Matrix. Radar Absorbent Material. Relative Atomic Mass. Rectangular Approximation Method. Risk Assessment Matrix. Rechargeable Alkaline Manganese. Right Attacking Midfielder. Rochester Academy of Medicine. Richmond Art Museum. Regional Accounting Manager. Ross A. Miller.

Stories of the day:

Thanks for watching — you’re basically our favorite person. Watch more 90 Seconds on The Verge at 90so.tv, on iTunes, and on YouTube!

Today’s 90 Seconds on The Verge was written by Ross Miller. All production magic is credited to John Lagomarsino.

A peek inside the EgyPack Web malware exploitation kit

ddanchev — Fri, 29 Mar 2013 07:00:26 +0000

By Dancho Danchev On a daily basis we process multiple malicious campaigns that, in 95%+ of cases, r

Today's Scrip-Bit 27 March 2013 Daniel 11:32

randyobrien50 — Wed, 27 Mar 2013 10:19:30 +0000

Daniel 11:32. And such as do wickedly against the covenant shall he corrupt by flatteries: but the people that do know their God shall be strong and do exploits.

Oh Friends, at last, at long last, we had a day yesterday akin to, that bore some resemblance to spring! Now it was still a tad nippy with a noticeable wind blowing, but you could feel the difference in the atmosphere. I can’t think of a suitable analogy at the moment, but it’s like one of those things you can’t exactly put your hands or mind on, however you just know, you can feel the difference in your spirit. The sunshine was decent, people were walking around in shirtsleeves, and there was even water running in the drains from the thawing of the snow. Wow! And all God’s people in the northern climes gave out a joyous shout of, ‘Glory Hallelujah! Spring is here at last! Thank You Lord!’ Yeh mih people, rejuvenation of the earth up north is just around the corner; wet earth, green grass, blooming flowers, budding green leaves, singing birds, buzzing bees, lots of flora and fauna, all for real. And isn’t it wonderful that it’s all happening just when our souls and spirits are also being rejuvenated by a sacrificed Christ, who will winter in the grave for three days, from this Friday, Good Friday, then is going to rise majestically, like spring time, on this Sunday, Easter Sunday, to proclaim new life for the faithful for all eternity? It sure is! Oh Friends, I get so emotional when I think about it all, that I just have to keep reminding us of the wonderful and ever-LOVING God that we serve and worship. What other supposed deity has ever come close to the standards of our Holy Trinity eh? NONE my brethren, NONE! And NONE will ever come close, because our Godhead is the ONE AND ONLY TRUE GOD IN EXISTENCE! And all God’s children sang out loud and clear: ‘Praise the Lord, for He is indeed a wonderful God, worthy to be served and praised!’ And in this Holy Week of 2013 Friends, we need to buckle down, to get real serious about the work Christ has called us to do. As our Bit so rightly declares: ‘And such as do wickedly against the covenant shall he corrupt (pollute) by flatteries: but the people that do know their God shall be strong and do exploits (take action).’ That comes from Daniel’s prophecy, re the scholars: ‘an amazing summary of about two hundred years of the history of the wars between Egypt and Syria that took place during the fourth through the second centuries B.C, All of these prophecies, however, were written by Daniel in the sixth century B.C.’ That’s at least a couple hundred years before the wars actually begun, solidifying the Good Book and its contents as a vehicle, a testimony of awesome truth! However Friends, we are also experiencing hard and troubled times, Life’s not getting any easier, in fact it’s getting more difficult day by day as we trundle along in our evil, ungodly ways. And it’s getting even shorter for those of us moving up the ladder of age. That means, if we want to leave a mark in this world, to make a difference as is required of us, then my brethren, we have to get serious and get our action going NOW! Tomorrow will be too late! The believers in Christ have to transform themselves into followers, meaning DO as Christ desires, not merely talk about it. Oh Friends, I don’t know how to truly galvanize us Christians to action nuh, but I know that we do need to become much more action oriented than we currently are. We need to begin seriously fighting back against the evil powers, both physical and spiritual, that are currently controlling our world. I know that saying it and doing it are two different things, and the doing is much harder. But then we need to remember that we’re indwelt by the Holy Spirit of the Most High God Jehovah, Creator of the universe and all therein, which means that we have the most powerful force in the universe right in our own backyard, so to speak. And don’t forget the scripture that so rightly and reassuringly tells us that ‘greater is he that is in you, than he that is in the world.’ (1 John 4:4b) And that’s gospel truth Friends: Jesus is indeed greater than Beelzebub! So we have no real excuse for our tardiness or inaction in moving the LOVE Revolution along, because the scripture also tells us: ‘For God hath not given us the spirit of fear; but of power, and of LOVE, and of a sound mind.’ (2 Tim.1:7) So what are we waiting for to rise up and take back what rightfully belongs to our God eh my people? It only needs our willingness now to do it. Obviously it won’t be easy, because Lucifer and his evil cronies won’t give up their ill-gotten gains without a serious fight. But as I’ve just pointed out, we have all the tools to take it away, we just need to unite, be of the same mind, have one true purpose. And unfortunately, until we seriously make a move towards Christian unity, Lucifer and his buddies will remain enthroned, continuing the successful strategy of dividing and conquering us. Oh my brethren, today I’m calling on all true believers in Christ to become followers, to unite as He desires us to do, then to get some serious action going, so we can ignite a flame over the whole world and thus ensure the success of the LOVE Revolution that our God requires us to instigate and WIN! And what better time to do it than this Easter Season, the most important time in the history of our Church, when Christ defeated death, Lucifer and the grave, and rose to glory, taking us with Him. Oh my people, Jesus requires us now to step up to the plate and fight a strong, steadfast and faithful fight, like He did in His time here on earth, and is now doing on our behalf in heaven. Please, let’s not disappoint Him and allow all His sacrifice to go to waste. I pray that today we’ll all hear this message, ponder it sincerely in our hearts, minds and souls, then rise up as one and retake our Father’s inheritance. In Jesus’ Name, I pray. Much LOVE!…true unity, real LOVE and much action…are the necessary ingredients…for the success of Jesus’ LOVE Revolution…

'Terminated Wire Transfer Notification/ACH File ID" themed malicious campaigns lead to Black Hole Exploit Kit

ddanchev — Wed, 27 Mar 2013 07:00:44 +0000

By Dancho Danchev A couple of days ago our sensors picked up two separate malicious email campaigns,

Malicious 'BBC Daily Email' Cyprus bailout themed emails lead to Black Hole Exploit Kit

ddanchev — Mon, 25 Mar 2013 07:00:39 +0000

By Dancho Danchev Cybercriminals are currently spamvertising tens of thousands of malicious emails i

#Bank Information #Security: The Evolving Threat From Insiders

David — Sun, 24 Mar 2013 12:40:08 +0000

VIDEO: The Evolving Insider Threat- Dawn Cappelli, Randy Trzeciak of CMU’s Insider Threat Center

This video from RSA Conference 2013 discusses:

Who typically commits insider crimes – and how;
How employees are being victimized from outside;
Why our critical infrastructure is at heightened risk.

Even if you are an employer using standard commercial verification measures, you should be cautious about misuse of any information by employees, managers and contractors. Accordingly, you should be careful with training and education and not on only newly-hired employees. Further, plan on how login credential and access to sensitive information will be handled and/or turned over when training or when terminating, suspending, withholding pay, lowering pay, or taking any other adverse action against an employee.

Latest Java update patches 50 holes, including critical zero-day flaw

newiphonegeeks — Thu, 21 Mar 2013 15:00:16 +0000

Oracle was convinced to issue an update for its Java plugin two weeks early this month in order to squash a few critical bugs that resulted in a torrent of bad press. Everyone from security bloggers to the federal government had warned the general public against using Java after it was discovered that the exploit was being targeted in the wild. Apple blocked Java via OS X’s Xprotect, and Mozilla and Google both flipped the switch on their browsers to blacklist the plug-in.

According to security researcher Brian Krebs, the most critical fix in the most recent Java update addresses an issue in Oracle’s new trust mechanism. The initial change made it so that Java requested authorization from end users whenever unsigned, untrusted code was encountered. While it was an excellent step in the right direction in terms of improving the overall security of Java, it was also very easy to circumvent.

In total, the Java update takes care of 50 security flaws. Unsurprisingly, Oracle is recommending that all users update as soon as possible due to the severe risk posed by surfing with a vulnerable version.

If you’ve still got Java installed on your system, keep your eyes peeled for an update notification. If you’d rather not wait for Oracle’s updater to answer the call, just head over to the Java download page and grab the latest version. Mac users will be relieved to know that the new release matches Xprotect’s minimum version expectation — and that means no more terminal hacking is required just so you can play Minecraft.

One more thing: just make sure the update you’re installing is a legitimate one, not some craftily-designed malware.

More reading: How to disable Java on everything

Fake 'CNN Breaking News Alerts' themed emails lead to Black Hole Exploit Kit

ddanchev — Thu, 21 Mar 2013 07:00:05 +0000

By Dancho Danchev Cybercriminals are currently mass mailing tens of thousands malicious ‘CNN B

Queen Anne Nightstand

texpatstarling — Thu, 21 Mar 2013 04:37:20 +0000

I’ve lost Photoshop. I had no idea how crippling it would be for me. I haven’t posted be

Hacking for Beginners- Top Website Hacks

Ajay Ohri — Wed, 20 Mar 2013 07:12:52 +0000

I really liked this 2002 presentation on Website Hacks at blackhat.com/presentations/bh-asia-02/bh-asia-02-shah.pdf . It explains in a easy manner some common fundamentals in hacking websites. Take time to go through this- its a good example of how hacking tutorials need to be created if you want to expand the number of motivated hackers.

However a more recent list of hacks is here-

https://blog.whitehatsec.com/top-ten-web-hacking-techniques-of-2012/

The Top Ten

Honorable Mention

11. Using WordPress as a intranet and internet port scanner

12. .Net Cross Site Scripting – Request Validation Bypassing (1)

13. Bruteforcing/Abusing search functions with no-rate checks to collect data

14. Browser Event Hijacking (2, 3)

But a more widely used ranking method for Website Hacking is here. Note it is a more formal but probably a more recent document than the pdf above. If only it could be made into an easier to read tutorial, it would greatly improve website exploit security strength.

https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project

The Release Candidate for the OWASP Top 10 for 2013 is now available here: OWASP Top 10 – 2013 – Release Candidate

The OWASP Top 10 – 2013 Release Candidate includes the following changes as compared to the 2010 edition:

A1 Injection
A2 Broken Authentication and Session Management (was formerly A3)
A3 Cross-Site Scripting (XSS) (was formerly A2)
A4 Insecure Direct Object References
A5 Security Misconfiguration (was formerly A6)
A6 Sensitive Data Exposure (merged from former A7 Insecure Cryptographic Storage and former A9 Insufficient Transport Layer Protection)
A7 Missing Function Level Access Control (renamed/broadened from former A8 Failure to Restrict URL Access)
A8 Cross-Site Request Forgery (CSRF) (was formerly A5)
A9 Using Known Vulnerable Components (new but was part of former A6 – Security Misconfiguration)
A10 Unvalidated Redirects and Forwards

—
Once again, I am presenting this as an example of how lucid documentation can help spread technological awareness to people affected by technical ignorance and lacking the savvy and chops for self-learning. If you need better cyber security, you need better documentation and tutorials on hacking for improving the quantity and quality of the pool of available hackers and bringing in young blood to enhance your cyber security edge.

Anonymity on the Internet

thaiguy5 — Mon, 18 Mar 2013 12:59:42 +0000

In my opinion, to be anonymous on the Internet, being an “intermediate level techie”, is using proxies and virtual private networks to hide their IP, which in turn protects their real identity and works better at preventing hackers and agents from spying on you or tracking you. This doesn’t prevent that 100%, but it works unless you use your real information on a social network such as Facebook and/or Twitter.

People want to be anonymous on the internet to prevent “Tracking Cookies” from identifying your real location, so they use proxies, which sends your internet browsing to a proxy server which relays that information to the world wide web, using the proxy servers IP instead of yours. Proxy servers are located all over the world, you can be in Canada and use a proxy server in France, so tracking cookies and website administrators will think you are from France, not Canada. This is a good way, although wrong, to avoid IP Bans on websites, allowing you to create more accounts and avoid the consequences of bans. If you use proxies halfway across the world, the connection is going to be significantly slower than without one, by up to 0.5 seconds, but if you really want to be anonymous, you should be patient. Professional or experienced hackers (both white and black hats (good and bad)) will ALWAYS be anonymous on the internet to avoid detection and avoid being traced, by using proxies, or even multiple proxies. Although the FBI and government agencies can eventually track down your real location if you’re doing something illegal, getting through proxies using packet sniffers (take encrypted data going through a connection and decrypting it) and the likes. So you’re rarely completely safe.

Virtual Private Networks, or VPNs, are similar to proxies in a way and are sometimes used alongside proxies to create an even more secure and anonymous network or browsing experience. It is usually slower when the two are combined because you are relaying information across two networks; a VPN and a proxy server. The farther they are located from each other, the slower the connection is going to be. Same with proxies, intermediate and experienced hackers will use both at the same time, but often use private rather than public proxies and virtual servers, setting up their own or using “underground” proxies which are well hidden from the public eye.

When it comes to being anonymous on the internet, proxies and VPNs help you in protecting your identity to some extent. Excuse me if I missed anything, I’m brushing over the basics of online anonymity.

'ADP Package Delivery Notification' themed emails lead to Black Hole Exploit Kit

ddanchev — Mon, 18 Mar 2013 07:00:13 +0000

By Dancho Danchev A currently ongoing malicious email campaign is impersonating ADP in an attempt to

William Carey is Calling and Speaking

princeprolific — Sun, 17 Mar 2013 19:45:29 +0000

William Carey, a man, ordinary

Used to do the extra-ordinary

Made a living as shoe maker

Brought life to the dead as a preacher.

Expect great things from a great God

Expect good things from a good God

Your faith will reap a great reward

Your expectation will bring manifestation.

Attempt great things for your God

Be bold, just do it; stand on His word .

Believe on the truth you have heard

And it shall surely come to pass.

William left his comfort zone

Did not mind standing lone

Believed His God- the Holy One.

Had a passion for missions as a dream.

Inspired many to fulfil vision

Encouraged many to take on the baton

Run their race; fulfil commission

Stand until their work is done.

‘Attempt great things for God

Expect Great things from God.’

…but the people who know their God shall be strong, and carry out great exploits.

Dan11:32

William Carey (17 August 1761 – 9 June 1834) was an English Baptist missionary and a Particular Baptist minister, known as the “father of modern missions.”^[1] Carey was one of the founders of the Baptist Missionary Society.

As a missionary in the Danish colony, Serampore, India, he translated the Bible into Bengali, Sanskrit, and numerous other languages and dialects.

He possessed a natural gift for language, teaching himself Latin

While apprenticed to Nichols, he also taught himself Greek with the help of a local villager who had a college education

Dorothy Carey had seven children, five sons and two daughters; both girls died in infancy, as well as their son Peter, who died at the age of 5. Old himself died soon afterward, and Carey took over his business, during which time he taught himself Hebrew, Italian, Dutch, and French, often reading while working on his shoes.

Dorothy Carey died in 1807. Due to her debilitating mental breakdown, she had long since ceased to be an able member of the mission, and her condition was an additional burden to it. John Marshman wrote how Carey worked away on his studies and translations, “…while an insane wife, frequently wrought up to a state of most distressing excitement, was in the next room…”.

Later that same year Carey made the following entry in his diary: “Tuesday, Dec. 8, 1807. This evening Mrs. Carey died of the fever under which she has languished some time. Her death was a very easy one; but there was no appearance of returning reason, nor any thing that could cast a dawn of hope or light on her state.”^[5]

Several friends and colleagues had urged William to commit Dorothy to an asylum. But he recoiled at the thought of the treatment she might receive in such a place and took the responsibility to keep her within the family home, even though the children were exposed to her rages

http://en.wikipedia.org/wiki/William_Carey_(missionary)

http://wp.me/p1eApa-Nh

http://inspiration4generations.wordpress.com/2013/01/03/in-this-brand-new-year-2/

Cybercriminals resume spamvertising 'Re: Fwd: Wire Transfer' themed emails, serve client-side exploits and malware

ddanchev — Fri, 15 Mar 2013 07:00:13 +0000

By Dancho Danchev Over the last couple of days, a cybercricriminal/gang of cybercriminals that we

Spamvertised BBB 'Your Accreditation Terminated" themed emails lead to Black Hole Exploit Kit

ddanchev — Wed, 13 Mar 2013 07:00:01 +0000

By Dancho Danchev Over the past week, a cybercriminal/gang of cybercriminals whose activities we

New Owners of rotmghack.com (HackerBot.net)

realmofthemadgodhack — Mon, 11 Mar 2013 19:56:22 +0000

So we have bought the old scammer site and turned it into a sub-part of our legit hacking forum where all you guys can help each other out in love and get an advantage playing your favorite mmos and pc, flasch games.

We will be hosting forums for all kind of games to hack.

So join up with us to share your hacks, cheats and bots with our members and download the latest hacks for your favorite games.

Also visit our new Game Hacking Blog and subscribe to us on Twitter.

Game Hacks, Bots and other Cheats

hackerbotnet — Mon, 11 Mar 2013 17:39:05 +0000

If you are looking for game hacking software like hacks, cheats and other trainers, or if you need hacking tutorials and help with cheating in your favorite pc games, mmos or browser games, then you should check out hackerbot.net.

We are a devoted community of game hackers, trying to help each other and our users to get better results playing their favorite games.

See you soon on HackerBot.net

For news on other game hacks, go here.

Commercial Steam 'information harvester/mass group inviter' could lead to targeted fraudulent campaigns

ddanchev — Mon, 11 Mar 2013 07:00:34 +0000

By Dancho Danchev Despite the fact that the one-to-many type of malicious campaign continues dominat

OpenX Hacking ~ 173.241.250.2

SFA Reporter — Sat, 09 Mar 2013 17:27:11 +0000

According to KerbsOnSecurity, Hackers are actively exploiting a dangerous security vulnerability in

Pwn2Own (2013) Contest a Blast - FULL Results

Jay Pfoutz — Sat, 09 Mar 2013 11:13:06 +0000

CanSecWest is a conference, and 2013′s conference once again involved the Pwn2Own contest for hackers, an elite (1337) competition. The concept remained simple and will always that if you pwn a fully-patched browser running on a fully-patched laptop, you get to keep the laptop.

However, different rules applied this year. It involved successfully demonstrating the exploit, providing the sponsor (HP) the fully functioning exploit, and all details involved with the vulnerability used in the attack. If there were many vulnerabilities, multiple reports are needed, etc.

The work couldn’t be sold to anyone else, and proof of concept would belong to HP once sold. Basically, HP buys the winning exploits for own use. Their idea of reward money was the following:

Google Chrome on Windows 7 = $100,000
IE10 on Windows 8 = $100,000 or IE9 on Windows 7 = $75,000.
Mozilla Firefox on Windows 7 = $60,000
Apple Safari on Mac OS X Mountain Lion = $65,000
Adobe Reader XI and Flash Player = $70,000
Oracle Java = $20,000

It was assuredly a blast at the competition, no doubt about it.

DAY ONE: Java, Chrome, IE10, and Firefox PWNED!!!

(Where’s Safari, right? It survived!)

The idea behind each attack is the ability to browse to an untrusted website where you’re able to inject and run arbitrary code outside of the browsing environment.

Of course, one of the rules is: “A successful attack … must require little or no user interaction and must demonstrate code execution… If a sandbox is present, a full sandbox escape is required to win.”

In addition to Chrome, Firefox, and IE10 being pwned, Java was pwned three times on the first day. Once by James Forshaw, Joshua Drake, and VUPEN Security. VUPEN Security also led a lot of the pack of issues by successfully exploiting IE10 and Firefox as well.

The only other exploit was by Nils & Jon, where both successfully exploited Chrome.

The day after the first day of Pwn2Own, Mozilla and Google patched the exploits that were pushed out. Amazingly fast, Firefox went on to version 19.0.2 (which you should’ve been updated automatically), and Chrome went on to version 25.0.1364.160 (effectively patching 10 vulnerabilities).

“We received the technical details on Wednesday evening and within less than 24 hours diagnosed the issue, built a patch, validated the fix and the resulting builds, and deployed the patch to users,” said Michael Coates, Mozilla’s director of security assurance, in a Thursday blog.

Microsoft has decided to wait until next week’s Patch Tuesday run of updates to push out the fix for the Internet Explorer exploit on IE10.

DAY TWO: Adobe Reader and Flash Player PWNED!!! Java PWNED AGAIN!!!

The last day of Pwn2Own 2013 went with a BANG!

Flash Player…exploited by VUPEN Security (any surprise?). Adobe Reader PWNED by George Hotz. Java once again was exploited, this time proxied by Ben Murphy.

Who’re the overall prize winners?

James Forshaw, Ben Murphy, and Joshua Drake for Java – each $20,000
VUPEN Security for IE10 + Firefox + Java + Flash – $250,000
Nils & Jon for Google Chrome – $100,000
George Hotz for Adobe Reader – $70,000

Of course, George Hotz is best known for jailbreaking the iPhone and PlayStation 3. He’s still in progress with a lawsuit with Sony over the issue for PS3.

It’s amazing to see that Java was PWNED 4 times in just two days, but is it any surprise based on the number of vulnerabilities Oracle has dealt with for Java?

Now in its eighth year, Pwn2Own contest had $480,000 in payouts, a record year. Amazing!

Got any vibe on this issue? Post comment below!