Security firm claims to have hacked Chrome's sandbox

It didn't manage to do it during the most recent Pwn2Own challenge, but VUPEN Security is now claiming that it has finally managed to hack Google's Chrome browser and crack its so-called "sandbox." According to the firm, the exploit relies on some newly discovered zero day vulnerabilities, works on all Windows operating systems (and only Windows, apparently), and could give malicious websites the ability to download code from a remote source and execute it on a user's computer -- the video after the break shows an example, in which the Windows Calculator application is downloaded and run automatically. For its part, Google says it has been unable to confirm the hack since VUPEN hasn't shared any details with it -- something the firm apparently doesn't plan to do, as it says it only shares its vulnerability research with its "government customers for defensive and offensive security."

VUPEN Security

Comments

Pentax releases O-GPS1 add-on for DSLRs, appeals to astronomy nuts

Pentax's Optio WG-1 GPS point-and-shoot satisfied geotaggers out of the box, but owners of its K-5, K-r and 645D DSLRs have had to make do with third-party taggers like the PhotoTrackr or Eye-Fi. The new hotshoe-mounted O-GPS1 module fixes that oversight by recording latitude, longitude, altitude, Coordinated Universal Time and shooting angle. Everyday snappers might find an extra hotshoe attachment cumbersome, but astro-photography enthusiasts could well be enticed by the device's interesting "ASTROTRACER" function. This helps you take clearer photos of celestial bodies by using the in-built sensors to calculate a star's movement and then employing the camera's shake reduction system to compensate. Sounds clever, but be advised: this module is only for Pentax DSLRs -- and only for very specific models at that. You'll get full functionality with the K-5 and K-r cameras, and geotagging (no ASTROTRACER) with the 645D. Oh, and you'll need to make sure yo

Commodore USA puts the new C64 up for pre-sales, unveils far-less-retrotastic VIC-Slim

Desktops Commodore USA puts the new C64 up for pre-sales, unveils far-less-retrotastic VIC-Slim By Sean Hollister posted Apr 6th 2011 8:43PM Now that Commodore USA has sufficiently piqued your curiosity with a revamped Commodore 64 prototype, it's ready to capitalize on the idea. Quite literally, we might add. $595 buys you the basic basic model with an 1.8GHz dual-core Intel Atom D525 chip, NVIDIA ION 2 graphics, 2GB of RAM and a 160GB hard drive -- which it promises to deliver by "early June" -- with hundred-dollar increments adding premium features like an additional 2GB of memory, a Blu-Ray drive, up to 1TB of storage, 802.11 b/g/n WiFi and Bluetooth. However, if you're simply looking for a compact keyboard computer (rather than reliving 80's nostalgia) there's another option on tap -- a likely rebadged thin wedge of a machine that Commodore's

CNC mill and Sixaxis controller make beautiful DIY music together (video)

Have you ever thought to yourself, "my CNC mill is pretty cool, but I really want to make it more awesomer"? Well, first, "awesomer" totally isn't word, and second, have we got a hack for you! A reader wrote in to the DIY hub Adafruit to show off his CNC being operated by a PS3 Sixaxis controller -- mimicking features found on high-end machines that allow you to trigger jobs from a distance and manually control the mill. Best of all, it's a pretty simple mod that uses a program called QtsixA to map the gamepad as a keyboard and mouse, allowing you to interact with a Linux box running EMC2, which is used for controlling the mill, lathe, plasma torch, or a number of other fun and dangerous tools. Check out the video after the break. Adafruit dammitdarrell (YouTube)

NYC

Search This Blog