Google懸賞百萬美元鼓勵駭客破解Chrome - Google
By Ophelia
at 2012-03-11T02:50
at 2012-03-11T02:50
Table of Contents
這場比賽還有個插曲
一個暱稱叫Pinkie Pie的駭客藉由三個漏洞自行破解了Chrome
不過因為他沒有經過雇主的同意參賽
所以他的本名沒被公布
不過對於一個能打破第四道牆的人物而言
打破個瀏覽器沙箱也不奇怪
是吧?
http://www.zdnet.com/blog/security/teenager-hacks-google-chrome-with-three-0day-vulnerabilities/10649
http://zd.net/wHT3eY
============================================================================
翻得有點糟請見諒
Teenager hacks Google Chrome with three 0day vulnerabilities
少年駭客破解了Google Chrome的三個零時漏洞
A teenage hacker who goes by the “Pinkie Pie” handle has hacked into Google
Chrome using three distinct zero-day vulnerabilities to evade the browser’s
protective sandbox.
一個青少年駭客PinkiePie駭入了Google瀏覽器Chrome,透過三個零時漏洞跳過了瀏覽器
自保沙盒.
The exploit was used as part of Google’s Pwnium hacker contest and earned
the researcher the maximum $60,000 cash prize.
入侵程式被作為Google的Pwnium大賽的一部份,且研發者能獲得了60000刀的最高獎金
A Google spokesman on site confirmed the winning exploit.
一個Google發言人公開證實了這個壯舉
“We have a team standing by waiting for this.We have three different teams
working on putting together the fix, building a patch and releasing it for
our customers,” he said.
"我們有個團隊正為此待命,我們有三個小組正在合力製作補丁並提供給我們的用戶"他說
While “Pinkie Pie” was previously unknown to onlookers here, Googlers
described him as a “known and respected security researcher.”
雖然 "Pinkie Pie"在此之前是默默無聞,Googler卻形容他是個"知名且可敬的安全研究員
In an interview after successfully launching the drive-by download exploit,
Pinkie Pie said he worked for about one-and-a-half weeks to find the
vulnerabilities and write a reliable exploit.
在成功啟動漏洞攻擊程式後的採訪中,PinkiePie說他花上一個半星期去找出漏洞,並寫出一
個可用的漏洞攻擊程式
The exploit worked on a fully patched Windows 7 machine (64-bit) and did not
require any user action beyond normal web browsing.
這個程式運作在一個有全面補丁的Windows7下,且沒有超出任何正常的網路瀏覽器的操作行
為
Pinkie Pie has never submitted a vulnerability report to Google and created
this multi-stage attack specially for the Pwnium contest.
Pinkie Pie之前從來沒有向Google提過漏洞提報或是專門為了參加這比賽而預先設計這項
多段攻擊程序
He said he never considered selling the vulnerability to third-party brokers.
”I've never sold a vulnerability before.”
他說他從未考慮透過第三者出售這項漏洞。"我從未賣出漏洞"
Strangely, which sandbox escapes are rare, Pinkie Pie said the easiest part
of his attack was jumping out of the Chrome sandbox after the initial exploit.
稀奇的是,這是一項很罕見的跳過沙箱行動,Pinkie Pie說最簡單的部分就是在第一次攻擊
後跳過沙箱
“I got lucky because I found a way [to jump out of the sandbox] very early.
I figured it out by looking at it carefully,” he added.
"我運氣不錯,我很早就發現了這個方法(指跳過沙箱),我想通這部分並仔細的觀查"他補充
He declined to discuss specifics of the vulnerabilities or the exploit
techniques, deferring comments to Google representatives.
他拒絕討論漏洞及攻擊手法的細節,延期到Google的代表提出意見
--
▊◣▎◢ ◢◣██◣ ◢▃▃▃◣ ●◎◎▽● ◢ ◣█▲◣ ◢██▲◣
‧ ‧ ◢ ‧◥‧ █‧‧ █ ξ︵ ︵◎● ◤ σ σ ▌ ︵ ︵ █
●█﹑█ ◤ ﹂ ● ◥∴︵∴◤ ●▼ ◎● ▲●/ ▌ ●︿
◥ -◤◣
ψ πετροσ
--
※ 編輯: Pietro 來自: 111.242.0.186 (03/11 08:26)
一個暱稱叫Pinkie Pie的駭客藉由三個漏洞自行破解了Chrome
不過因為他沒有經過雇主的同意參賽
所以他的本名沒被公布
不過對於一個能打破第四道牆的人物而言
打破個瀏覽器沙箱也不奇怪
是吧?
http://www.zdnet.com/blog/security/teenager-hacks-google-chrome-with-three-0day-vulnerabilities/10649
http://zd.net/wHT3eY
============================================================================
翻得有點糟請見諒
Teenager hacks Google Chrome with three 0day vulnerabilities
少年駭客破解了Google Chrome的三個零時漏洞
A teenage hacker who goes by the “Pinkie Pie” handle has hacked into Google
Chrome using three distinct zero-day vulnerabilities to evade the browser’s
protective sandbox.
一個青少年駭客PinkiePie駭入了Google瀏覽器Chrome,透過三個零時漏洞跳過了瀏覽器
自保沙盒.
The exploit was used as part of Google’s Pwnium hacker contest and earned
the researcher the maximum $60,000 cash prize.
入侵程式被作為Google的Pwnium大賽的一部份,且研發者能獲得了60000刀的最高獎金
A Google spokesman on site confirmed the winning exploit.
一個Google發言人公開證實了這個壯舉
“We have a team standing by waiting for this.We have three different teams
working on putting together the fix, building a patch and releasing it for
our customers,” he said.
"我們有個團隊正為此待命,我們有三個小組正在合力製作補丁並提供給我們的用戶"他說
While “Pinkie Pie” was previously unknown to onlookers here, Googlers
described him as a “known and respected security researcher.”
雖然 "Pinkie Pie"在此之前是默默無聞,Googler卻形容他是個"知名且可敬的安全研究員
In an interview after successfully launching the drive-by download exploit,
Pinkie Pie said he worked for about one-and-a-half weeks to find the
vulnerabilities and write a reliable exploit.
在成功啟動漏洞攻擊程式後的採訪中,PinkiePie說他花上一個半星期去找出漏洞,並寫出一
個可用的漏洞攻擊程式
The exploit worked on a fully patched Windows 7 machine (64-bit) and did not
require any user action beyond normal web browsing.
這個程式運作在一個有全面補丁的Windows7下,且沒有超出任何正常的網路瀏覽器的操作行
為
Pinkie Pie has never submitted a vulnerability report to Google and created
this multi-stage attack specially for the Pwnium contest.
Pinkie Pie之前從來沒有向Google提過漏洞提報或是專門為了參加這比賽而預先設計這項
多段攻擊程序
He said he never considered selling the vulnerability to third-party brokers.
”I've never sold a vulnerability before.”
他說他從未考慮透過第三者出售這項漏洞。"我從未賣出漏洞"
Strangely, which sandbox escapes are rare, Pinkie Pie said the easiest part
of his attack was jumping out of the Chrome sandbox after the initial exploit.
稀奇的是,這是一項很罕見的跳過沙箱行動,Pinkie Pie說最簡單的部分就是在第一次攻擊
後跳過沙箱
“I got lucky because I found a way [to jump out of the sandbox] very early.
I figured it out by looking at it carefully,” he added.
"我運氣不錯,我很早就發現了這個方法(指跳過沙箱),我想通這部分並仔細的觀查"他補充
He declined to discuss specifics of the vulnerabilities or the exploit
techniques, deferring comments to Google representatives.
他拒絕討論漏洞及攻擊手法的細節,延期到Google的代表提出意見
--
▊◣▎◢ ◢◣██◣ ◢▃▃▃◣ ●◎◎▽● ◢ ◣█▲◣ ◢██▲◣
‧ ‧ ◢ ‧◥‧ █‧‧ █ ξ︵ ︵◎● ◤ σ σ ▌ ︵ ︵ █
●█﹑█ ◤ ﹂ ● ◥∴︵∴◤ ●▼ ◎● ▲●/ ▌ ●︿
◥ -◤◣
ψ πετροσ
--
※ 編輯: Pietro 來自: 111.242.0.186 (03/11 08:26)
推 decorum:這兩個攻破chrome的駭客 都獲得60000美金獎金 03/11 19:30
Tags:
Google
All Comments
By Thomas
at 2012-03-14T19:43
at 2012-03-14T19:43
Related Posts
兩步驟驗證收不到簡訊和語音
By Sandy
at 2012-03-10T21:22
at 2012-03-10T21:22
好像再度不能新增yahoo帳戶
By Megan
at 2012-03-10T16:44
at 2012-03-10T16:44
Gmail一次可以登陸的人數
By Charlotte
at 2012-03-10T15:56
at 2012-03-10T15:56
Gmail有文字廣告
By Irma
at 2012-03-10T14:46
at 2012-03-10T14:46
youtube影片無法下載
By Elizabeth
at 2012-03-10T13:44
at 2012-03-10T13:44