Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×
Chrome Google Security IT

Pinkie Pie Earns $60K At Pwn2Own With Three Chromium 0-Day Exploits 148

Posted by timothy from the omg-pwnies! dept.
Tackhead writes "Hot on the hooves of Sergey Glazunov's hack 5-minutes into Pwn2Own, an image of an axe-wielding pink pony was the mark of success for a hacker with the handle of Pinkie Pie. Pinkie Pie subtly tweaked Chromium's sandbox design by chaining together three zero-day vulnerabilities, thereby widening his appeal to $60K in prize money, another shot at a job opportunity at the Googleplex, and instantly making Google's $1M Pwnium contest about 20% cooler. (Let the record show that Slashdot was six years ahead of this particular curve, and that April Fool's Day is less than a month away.)"
This discussion has been archived. No new comments can be posted.

Pinkie Pie Earns $60K At Pwn2Own With Three Chromium 0-Day Exploits More

Pinkie Pie Earns $60K At Pwn2Own With Three Chromium 0-Day Exploits

Comments Filter:

  • WebKit (Score:5, Interesting)

    by 93 Escort Wagon ( 326346 ) on Saturday March 10, 2012 @10:33PM (#39315649)

    It's interesting that the article implies the flaw is in WebKit rather than, say, JavaScript or Flash. So there'll need to be a similar patch made for Safari (which the article also briefly touches on).

  • Re:Pwn2Own rocks. (Score:5, Interesting)

    by Billly Gates ( 198444 ) on Saturday March 10, 2012 @11:13PM (#39315781) Journal

    One downside is many are reporting on ZDNet, that the IE 9 exploit that was shown yesterday has new trojans already working for it.

    Since it is a 0 day exploit it is undetectable by any anti virus scanner yet and all you need to do is search under Google Image and you are instantly infected without clicking on anything.

    Google at least patched the last one in 24 hours, but I do not trust other browsers or users to patch that quick.

  • Re:Pwn2Own rocks. (Score:4, Interesting)

    by bloodhawk ( 813939 ) on Sunday March 11, 2012 @12:39AM (#39316095)

    Is it time to trash the old and invent something new, something mere mortals can embrace, and actually create secure implementations?

    The funny part about your post is your idea of a solution is actually the current problem. Technology is changing so fast that No one can have a modern popular functional end user browser while being secure. Security IS HARD, No matter how good a programmer you are you can't possibly imagine every possible type of new exploit technique that will be created tomorrow, next week or next year. It is even harder if every few years you have to rewrite everything, your idea would just bring about a raft of new security issues..

  • Re:You know what this calls for? (Score:2, Interesting)

    by Anonymous Coward on Sunday March 11, 2012 @01:38AM (#39316253)

    You know what this calls for?
    Deploy The Party Cannon!

    Well, since [youtube.com] you [youtube.com] asked [youtube.com] nicely [youtube.com], allow me to deploy the Party Cannon like a boss [youtube.com]. PARTY [youtube.com] HARD [youtube.com]! I'm pony and I know it [youtube.com]!

    OK. Virus Alert! [youtube.com] now over, and while we're waiting for the patch, let's watch the Dead Parrot Sketch [youtube.com], chug a mug o' mead and back to Skyrim [youtube.com], Portal [youtube.com], TF2 [youtube.com], or whatever else you're playing tonight.

    And I found all that stuff within ten minutes of random youtube surfing. My brain is full of pinkie pie [mylittlefacewhen.com], and I love it.

    It's like the goddamn Cambrian explosion of Internet culture.

Slashdot Top Deals

Thus spake the master programmer: "Time for you to leave." -- Geoffrey James, "The Tao of Programming"

Close