Hackers bag $460,000 at Pwn2Own, Chrome proves the most secure browser

A prize pool of $460,000 was handed out at last week’s Pwn2Own security contest, where researchers and hackers poked holes and found vulnerabilities in Windows, Edge, Chrome, Safari, and OS X.

The contest, which was sponsored by HP and Trend Micro, took place at the CanSecWest security conference in Vancouver. A total of 21 flaws were found in several programs and operating systems but Windows once again came out as the most flawed of the lot. Hackers tallied six vulnerabilities in Windows 10. However, Apple didn’t perform that much better. Five vulnerabilities were found in Mac OS X.

There were five teams of hackers competing in the two-day contest, including three teams from Chinese tech giant Tencent, a team from Qihoo 360, and a lone contestant, JungHoon Lee from South Korea.

Operating systems aside, the hackers turned their attention to the smaller attack surfaces in browsers and carried out successful bug tests on Edge, Microsoft’s newest browser, such as exploiting a particular bug to gain administrator-level system privileges. The good news, though, is that Edge is not as flawed as its predecessor Internet Explorer, thanks largely to its new code base. Safari, meanwhile, was attacked successfully three times by the hacker teams.

Chrome came out looking the best on this occasion. Two attempted attacks were carried out on Google’s browser. One failed, and the other only partly worked. Firefox was left out of this year’s contest because the organizers believed it had not made significant improvements to its security in the last year that were worthy of testing.

However, Adobe Flash was one of the hackers’ test subjects despite its well-publicized security failings. It was included as it is a common attack vector for compromising browsers.

Each team bagged an impressive amount of money for their hacking efforts, but it was JungHoon Lee who came away with the most, at $145,000. Tencent’s Team Sniper won $142,500 and Qihoo 360’s 360Vulcan Team netted $132,500.

Jonathan Keane
Former Digital Trends Contributor
Jonathan is a freelance technology journalist living in Dublin, Ireland. He's previously written for publications and sites…