All about Google Chrome & Google Chrome OS

08 Jun 12 Samsung Series Laptops, Chrome-Based PCs Look to Make an Impact


When it comes to mobile devices and smartphones, Samsung is considered the world’s top-selling company, outselling even Nokia, which held the crown for many years. However, when it comes to PCs, specifically laptops, the company is far behind the likes of Hewlett-Packard, Lenovo and Dell. In fact, Samsung doesn’t even crack the top 5 in terms of shipments. In PC shipments, Samsung ranks eighth worldwide, but the company did grow 7 percent year-over-year, according to Gartner’s 2012 first-quarter report on the global PC market. However, Samsung is looking to change that with the same method it used to take the mobile crown. At a recent New York City event, the company showed off several laptops based on Windows 7 and using Intel’s newer Ivy Bridge chips. In addition, the company is ready to jump on the Windows 8 bandwagon later this year. Samsung is also teaming up with its mobile partner, Google, to offer several Chrome-based PCs, including a revamped Chromebook and the Chromebox—a miniaturized desktop designed for small spaces. Still, does Samsung have the breadth and depth to compete with the other big PC players? Here’s a look at what Samsung is offering for business users, as well as consumers.

Article source: http://www.eweek.com/c/a/Desktops-and-Notebooks/Samsung-Series-Laptops-ChromeBased-PCs-Look-to-Make-an-Impact-514440/


11 Mar 12 Google Chrome hacked twice at Vancouver conference


Hackers found and exploited two previously unknown security flaws in Google Chrome at a Vancouver IT security conference this week — the first time the browser has succumbed in such competitions.

The Pwn2Own and Pwnium competitions at the CanSecWest conference continue through Friday, but as of Wednesday, the first day of the competition, the Chrome browser had already taken a bit of a beating.

A team for Vupen Security managed to demonstrate a previously unknown security vulnerability in Chrome within the first five minutes of the Pwn2Own contest, organized by HP Tippingpoint, the contest said in a congratulatory tweet Wednesday.

“Google Chrome is probably one of the most secure browsers and it was a big challenge for us to defeat its sandbox protection and show that it can be fully compromised,” Chaouki Bekrar, CEO of Vupen Security, said in an email Thursday.

He said his team made a web page that could be visited by a user on an updated Windows system and fully updated Chrome browser. The web page contained code capable of “bypassing all security protections” on the browser and executing a command on the user’s computer.

The contest is in its fifth year at the conference, and this is the first time that Chrome has succumbed to the work of the IT security experts at the conference, said Aaron Portnoy, manager of security research at HP Tippingpoint. In previous years, security flaws have been found in other browsers.

Meanwhile, Sergey Glazunov, a longtime contributor to the Google Chrome security program, successfully demonstrated a “full Chrome exploit” while competing remotely in the Google-sponsored Pwnium contest, which is focused only on the Chrome browser. He qualified for $60,000 out of up to $1 million that Google has set aside for the competition, which is in its first year.

“This is exciting,” Sundar Pichai, senior vice-president of Chrome, said in a posting on the Google Plus social network Wednesday afternoon.

Google has previously sponsored Pwn2Own, but pulled out this year in favour of its own contest, saying it did so because it found contestants could enter without having to reveal all the details of their security exploits to vendors such as Google.

Bekrar said his company doesn’t accept the requirement to report the entire code of its exploit.

According to Pwn2Own’s Twitter feed, Google claims it has a way of blocking Vupen Security’s new exploit “without having seen it.”

As of Thursday afternoon, Google had not responded to a request for comment from CBC news.

The Pwn2Own contest also includes a challenge in which competitors try to exploit vulnerabilities that have already been patched in the latest versions of Firefox, Internet Explorer, Safari and Chrome browsers. Competitors gain points for each success.

As of Thursday, Vupen Security had succeeded in two challenges each for Internet Explorer and Safari, as well as one for Firefox, and looked well on its way to winning the top prize of $60,000, sponsored by Hewlett Packard.

Article source: http://ca.finance.yahoo.com/news/google-chrome-hacked-twice-vancouver-000616140.html


09 Mar 12 Google Patches Hacker's Chrome Bug In Less Than 24 Hours


Google’s Chrome browser may not be the unhackable fortress it once seemed. But give Google credit for learning from its mistakes–and doing it in a hurry.

Within fifteen hours of security researcher Sergey Glazunov demonstrating an exploit in Chrome at the Pwnium hacking competition Wednesday at the CanSecWest conference in Vancouver, Google had already developed a fix for the hacking method that the Russian university student used to win the contest’s $60,000 prize for an exploit unique to Chrome. And by 9:20 am Pacific Time on Thursday, that fix was already being pushed out automatically to browsers around the world.

According to Google’s security team, Glazunov used three distinct bugs in Chrome chained together to bypass its “sandbox” security restrictions, which are designed to prevent a hacker who compromises the browser from gaining access to the rest of the machine. Google hasn’t released full details on the hack yet, but Google security researcher Chris Evans describes the most significant of the bugs as a “universal cross-site-scripting” vulnerability that allows a hacker to inject malicious commands into a website. That flaw was only a piece of what Evans describes as a “complex and elegant” exploit.

“This was exactly the kind of exploit that we were hoping to encourage researchers to submit,” he says. “This gives us the ability not to just fix the bugs involved but to lock things down so this kind of thing can’t happen again.”

Glazunov’s exploit demo represents the first time Chrome has been publicly hacked. In each of the last three Pwn2Own hack competitions, which Google sponsored last year before breaking off to create its own contest, Chrome left the stage entirely unscathed. But Google has been increasing the reward for any hacker capable of taking its browser apart, first offering an extra $20,000 in last year’s contest and now putting a total of $1 million in possible payouts on the line in its own competition.

That’s not to say Chrome isn’t still being hacked behind the scenes. In fact, at the first day of the simultaneous Pwn2Own competition sponsored by Hewlett Packard’s Zero Day Initiative (ZDI) at CanSecWest, the French security firm VUPEN hacked Chrome with another exploit that it has yet to detail to Google. Unlike Google’s Pwnium competition, Pwn2Own doesn’t require hackers to hand over the full explanation of their exploit to either ZDI or the software vendor itself.

Google says it split its competition from Pwn2Own precisely because it aimed to force contestants to reveal more of the mechanics of their work, a stance that ZDI counters would discourage the most innovative hackers from even displaying their exploits.

“It’s unfortunate that after fixing a complicated bug like the one we were given yesterday, we still haven’t gotten information from VUPEN or ZDI,” says Travis McCoy of Google’s security team. “We’ve shown that when we get details, we can protect users within 24 hours. But [for VUPEN's exploit] we’ve received no details at all.”

 

Article source: http://www.forbes.com/sites/andygreenberg/2012/03/08/google-patches-hackers-chrome-bug-in-less-than-24-hours/?feed=rss_home



08 Mar 12 With $1 Million On The Line, Chrome Finally Cracked In Hacking Competition


It took four years and possibly the biggest reward a software company has ever offered for information about its own security flaws, but Google finally found what it was looking for: A few hackers willing and able to dismantle its browser in public.

In the first day of Google’s Pwnium competition at the CanSecWest security conference in Vancouver, Sergey Glazunov, a Russian university student, successfully hacked a PC running Google’s Chrome browser to claim a $60,000 prize. According to ZDNet, Glazunov’s exploit used a previously undiscovered exploit specific to Chrome to bypass the browser’s “sandbox” restriction, which is designed to prevent a hacker who compromises the browser from accessing the rest of a user’s machine. Google security team member Justin Schuh confirmed the hack on Twitter.

In the simultaneous Pwn2Own contest run by Hewlett Packard’s Zero Day Initiative, a team of security researchers from the security firm VUPEN also took down Chrome in the first five minutes of that competition. The team has said that it has new exploits it plans to demonstrate on Internet Explorer, Safari, and Firefox, too.

This marks the first year that Google’s browser has been exploited in a public hacking competition, despite appearing for the three previous years as a target in the Pwn2Own competition. But Google has been progressively raising the stakes. Last year, it co-sponsored the Pwn2Own competition and offered an extra $20,000 bonus for anyone who could hack its browser–a prize that went unclaimed. This year it split off from the HP-sponsored competition to host Pwnium, which is offering up to a million dollars in prizes for exploits that affect Chrome.

Chrome’s defeat in the Vancouver hacking competitions may seem like a loss for Google’s marketing execs, who can no longer tout the browser’s record of withstanding the competitions’ hackers year after year. But Google’s security team has argued that it participates in the competitions not to show off Chrome’s infallibility, but rather to find and excise the program’s bugs in a safe setting.

Any hacker claiming a prize in its competition is required to divulge all the details of his or her exploit to Google so that the bugs it takes advantage of can be patched. “Not only can we fix the bugs, but by studying the vulnerability and exploit techniques we can enhance our mitigations, automated testing, and sandboxing,” Chrome security engineers Chris Evans and Justin Schuh wrote in their blog post announcing Pwnium last month. “This enables us to better protect our users.”

The ongoing results for the Pwnium competition can be tracked here.

 

Article source: http://www.forbes.com/sites/andygreenberg/2012/03/07/with-1-million-on-the-line-chrome-finally-cracked-in-hacking-competition/?feed=rss_home


02 Mar 12 Google Will Offer $1 Million In Rewards For Hacking Chrome In Contest


Updated below to clarify that Google’s Pwnium contest will take place separately from the Zero Day Initiative’s Pwn2Own competition.

For the last three years, Google’s Chrome browser has left the world’s premier hacking competition unscathed, even as Firefox, Internet Explorer and Safari have all been taken down by the assembled security researchers. So in a new contest it’s launching this year, Google is offering hackers a million reasons to re-focus their efforts.

Google announced Monday evening that it’s offering up to a million dollars in rewards at a hacking contest it’s calling Pwnium, which takes place at the same time as the annual Pwn2Own hacking contest at the CanSecWest security conference in Vancouver. Hackers don’t necessarily need to target Chrome to win a chunk of that money: Google is paying $20,000 to any participant who can exploit hackable bugs in Windows, Flash, or a device driver, security problems that would affect users of all browsers. But for hacks that include flaws specific to Chrome, Google will pay $40,000 each, and for those that exploit only bugs in Chrome, the company will shell out $60,000, up to its million dollar limit.

In fact, Google’s rewards may end up dwarfing those offered by the longer-running Pwn2Own’s organizer, the Hewlett-Packard-owned Zero Day Initiative. HP plans to offer $60,000 to the first place winner of its competition, $35,000 to the second, and $15,000 to the third place contestant, using a point system to determine those placements.

And why is Google willing to pay seven figures to see its browser taken apart in public? Because, the company explains in a blog post, the annual hacking contest offers a chance to test Chrome’s mettle against some of the world’s most innovative hackers in a setting where any new flaws can be identified and patched. In return for its rewards, Google demands any winning researcher submit the details of the exploited flaws to its security team, a condition that ZDI doesn’t impose on its winning hackers. “Not only can we fix the bugs, but by studying the vulnerability and exploit techniques we can enhance our mitigations, automated testing, and sandboxing,” Chrome security engineers Chris Evans and Justin Schuh write. “This enables us to better protect our users.”

The Pwn2Own and Pwnium competitions aren’t the only time researchers can be paid for digging up security flaws in Chrome. Like other companies including Mozilla and Facebook, Google offers “bug bounties” to researchers, and its flaw-buying program has given out more than $300,000 in payments over the last two years.

Since Chrome first appeared as a target in the Pwn2Own contest in 2009, participating hackers haven’t even tried to exploit the browser, focusing instead on the array of other software and devices laid out as the contest’s victims. Because security exploits are usually developed well ahead of the contest, that’s a sign that none of the researchers could find a chink in Chrome’s armor–its security features include sandboxing, which limits the access of an exploit to the rest of a user’s PC, and “just-in-time hardening” that prevents JavaScript on websites from executing commands on the user’s machine.

Even when Google offered an extra $20,000 to anyone who could hack its browsers last year, no one took up the challenge. That result provides great marketing fodder, but Google says it’s more eager to expose bugs in its code–hence this year’s massive payouts. “While we’re proud of Chrome’s leading track record in past competitions, the fact is that not receiving exploits means that it’s harder to learn and improve,” Evans and Schuh write. “To maximize our chances of receiving exploits this year, we’ve upped the ante.”

Article source: http://www.forbes.com/sites/andygreenberg/2012/02/28/google-will-offer-1-million-in-rewards-for-hacking-chrome-in-contest/


28 Feb 12 Google Will Offer $1 Million In Rewards For Hacking Chrome In Contest


For the last three years, Google’s Chrome browser has left the world’s premier hacking competition unscathed, even as Firefox, Internet Explorer and Safari have all been taken down by the assembled security researchers. So this year, Google is offering hackers a million reasons to re-focus their efforts.

Google announced Monday evening that it’s offering up to a million dollars in rewards at the annual Pwn2Own hacking contest, which takes place next week at the CanSecWest security conference in Vancouver. Hackers don’t necessarily need to target Chrome to win a chunk of that money: Google is paying $20,000 to any participant who can exploit hackable bugs in Windows, Flash, or a device driver, security problems that would affect users of all browsers. But for hacks that include flaws specific to Chrome, Google will pay $40,000 each, and for those that exploit only bugs in Chrome, the company will shell out $60,000, up to its million dollar limit.

In fact, Google’s rewards may end up dwarfing those offered by the contest’s official organizers, the Hewlett-Packard-owned Zero Day Initiative. HP plans to offer $60,000 to the first place winner, $35,000 to the second, and $15,000 to the third place contestant, using a point system to determine those placements.

And why is Google willing to pay seven figures to see its browser taken apart in public? Because, the company explains in a blog post, the annual hacking contest offers a chance to test Chrome’s mettle against some of the world’s most innovative hackers in a setting where any new flaws can be identified and patched. In return for its rewards, Google demands any winning researcher submit the details of the exploited flaws to its security team, a condition that ZDI doesn’t impose on the winning hackers. “Not only can we fix the bugs, but by studying the vulnerability and exploit techniques we can enhance our mitigations, automated testing, and sandboxing,” Chrome security engineers Chris Evans and Justin Schuh write. “This enables us to better protect our users.”

Pwn2Own isn’t the only time researchers can be paid for digging up security flaws in Chrome. Like other companies including Mozilla and Facebook, Google offers “bug bounties” to researchers, and its flaw-buying program has given out more than $300,000 in payments over the last two years.

Since Chrome first appeared as a target in the Pwn2Own contest in 2009, participating hackers haven’t even tried to exploit the browser, focusing instead on the array of other software and devices laid out as the contest’s victims. Because security exploits are usually developed well ahead of the contest, that’s a sign that none of the researchers could find a chink in Chrome’s armor–its security features include sandboxing, which limits the access of an exploit to the rest of a user’s PC, and “just-in-time hardening” that prevents JavaScript on websites from executing commands on the user’s machine.

Even when Google offered an extra $20,000 to anyone who could hack its browsers last year, no one took up the challenge. That result provides great marketing fodder, but Google says it’s more eager to expose bugs in its code–hence this year’s massive payouts. “While we’re proud of Chrome’s leading track record in past competitions, the fact is that not receiving exploits means that it’s harder to learn and improve,” Evans and Schuh write. “To maximize our chances of receiving exploits this year, we’ve upped the ante.”

Article source: http://www.forbes.com/sites/andygreenberg/2012/02/28/google-will-offer-1-million-in-rewards-for-hacking-chrome-in-contest/?feed=rss_home
