Dr. Bill.TV #281 – Video – “The Raspy Throat Edition!”

LibreOffice 4.0 ‘Getting Started Guide’, UltraDefrag 6.0 is out, MakerBot’s 3D ‘Digitizer’ – a first gen replicator? Google Chrome OS survives the Pwnium 3 Challenge! A demo of Spoon.Net, a Virtual Desktop System! Major browsers hacked during Pwn2Own!

Links that pertain to this Netcast:

TechPodcasts Network

Blubrry Network

Spoon.Net – Virtual Desktop System


Start the Video Netcast in the Blubrry Video Player above by
clicking on the “Play” Button in the center of the screen.

(Click on the buttons below to Stream the Netcast in your “format of choice”)
Streaming M4V Audio





Streaming MP3 Audio

Streaming Ogg Audio

Download M4V Download WebM Download MP3 Download Ogg
(Right-Click on any link above, and select “Save As…” to save the Netcast on your PC.)

Available on YouTube at: https://youtu.be/EQpS3HzkmRQ

Available on Vimeo at: https://vimeo.com/61438645


Dr. Bill.TV #281 – Audio – “The Raspy Throat Edition!”

LibreOffice 4.0 ‘Getting Started Guide’, UltraDefrag 6.0 is out, MakerBot’s 3D ‘Digitizer’ – a first gen replicator? Google Chrome OS survives the Pwnium 3 Challenge! A demo of Spoon.Net, a Virtual Desktop System! Major browsers hacked during Pwn2Own!

Links that pertain to this Netcast:

TechPodcasts Network

Blubrry Network

Spoon.Net – Virtual Desktop System


Start the Video Netcast in the Blubrry Video Player above by
clicking on the “Play” Button in the center of the screen.

(Click on the buttons below to Stream the Netcast in your “format of choice”)
Streaming M4V Audio





Streaming MP3 Audio

Streaming Ogg Audio

Download M4V Download WebM Download MP3 Download Ogg
(Right-Click on any link above, and select “Save As…” to save the Netcast on your PC.)

Available on YouTube at: https://youtu.be/EQpS3HzkmRQ

Available on Vimeo at: https://vimeo.com/61438645


Pwn2Own Competition Pwns the Browser World!

So, the Chrome OS wasn’t hacked (as discussed in an earlier article posted here), but ALL the big browsers got pwned at “Pwn2Own!”

Fail: Chrome, Firefox, and IE all crack during hacking competition

“Chrome, Internet Explorer, and Firefox all fell to the mercy of the hackers today. That is, in a controlled environment.

Security firms Vupen and MWR Labs were able to crack the browsers during a condoned bug-hunt today, with one company winning $100,000 for finding a huge hole.

The Pwn2Own competition is an event at the CanSecWest conference in Vancouver. HP’s DVLabs created the competition as part of its Zero Day Initiative: an attempt to get more people to find and report bugs as opposed to exploiting them for personal gains. This year’s Pwn2Own competition turned up a number of interesting hacks, with three major browsers all falling: Firefox, Internet Explorer, and Chrome.

Vupen, a security research firm based in France, cracked both Firefox and Internet Explorer. It roughly explained the attack in a tweet (warning: A lot of security vocabulary is incoming), ‘We’ve pwned Firefox using a use-after-free and a brand new technique to bypass ASLR/DEP on Win7 without the need of any ROP.’

The technique involves recalling memory that the browser had previously ‘freed,’ (user-after-free), after which they were able to mess with the technology that protects a computer system from letting bad code execute.

In Internet Explorer’s case, Vupen says it found two separate ‘zero-days,’ or previously unknown holes in a system, and used them to get inside a Microsoft Surface Pro tablet. From there, the company was able grab hold of Windows 8.

The company explained, again, in a tweet, ‘We’ve pwned MS Surface Pro with two IE10 zero-days to achieve a full Windows 8 compromise with sandbox bypass.’

Lastly, U.K.-based security firm MWR Labs cracked Chrome and also gained full control of the operating system, this time Windows 7. It also ‘demonstrated a full sandbox bypass exploit.’ The company explained in a blog post that it found a zero-day in Chrome ‘running on a modern Windows-based laptop.’ It was able to exploit the vulnerability by performing a very similar attack to what took down Facebook, Microsoft, and a number of other well-known companies: It had the laptop visit a malicious website. From there the website probed Chrome and was able to get control of the area of the browser that executes code ‘in the context of the sandboxed renderer process,’ or the protective area that allows code to run, but restrict it from using any other part of the system but the CPU and memory.

The sandbox cannot, however, protect against any attacks against the kernel, or the root of the operating system, it exists in and that’s exactly what MWR took advantage of. It found a vulnerability in the kernel, exploited it, and gained full access to the Windows 7 system.

Shabam.

All of these browsers had been previously patched in preparation for the competition, showing just how much can be missed and how valuable these types of bug-finding events are. MWR won $100,000 as a result. Of course, both MWR and Vupen properly disclosed all the documentation of its findings to the appropriate browser security teams.”

Geek Website of the Week: Spoon.Net!

Spoon.Net

And, the GSotW as well! This is SO cool, that I did a demo for this week’s Dr. Bill.TV Show, it will be posted later today, check it out! This is VERY awesome! I gotta give them huge Geek Cred for this implementation. You can either sign up for the service from their web site, or, if you have a business, and want to host it on your own server, you can do that as well! Did I mention… Awesome!

Spoon.Net – Virtual Desktop System

No more installs.

Apps launch inside pre-configured virtual machines with no changes to your desktop.

Spoon Console
Access the Spoon Console directly from your desktop by pressing Alt + Win.

Universal Search Engine
Instantly find apps and files anywhere, even across multiple devices.

Browser Plugin
Spoon works through a small browser plugin. No administrative privileges are required.

Hundreds of Apps Online
Use hundreds of free applications online, or easily virtualize your own applications.

Google Chrome Survives Pwnium 3 Challenge!

Chrome OSCan you imagine Microsoft offering expert hackers a challenge, with big financial incentives, to try and hack Windows. Huh!? Yeah, right!! You gotta admit, if you want security, Chrome would be the way to go!

No Winning Exploit Found For Chrome OS At Annual Hacking Competition, Pwnium 3

“Google’s operating system Chrome OS survived all attempts to hack it at this year’s Pwnium 3 competition, which took place at the CanSecWest security conference in Vancouver, BC this week. Google, which was offering up $3.14159 million in prize money (get it, Pi money?), said that there was no winning entry, but it was in the process of evaluating some exploits for partial credit.

The focus for this year’s Pwnium 3 was on Chrome OS – and the big push from Google to focus on its operating system, recently introduced in the new, high-end Chromebook Pixel touchscreen laptop, also included increased rewards for hackers finding exploits as well. Although in previous years, rewards maxed out at $60,000 for Chrome browser exploits, the company had earmarked up to $3.14 million for hacks on the OS. That was largely just a clever marketing gimmick, however – the actual potential payouts were much lower:

The two reward levels offered this year included:

  • $110,000: browser or system level compromise in guest mode or as a logged-in user, delivered via a web page.
  • $150,000: compromise with device persistence — guest to guest with interim reboot, delivered via a web page.
  • And, as always, partial credit was offered to those for incomplete or unreliable exploits.

The hacks had to be demonstrated against a base Wi-Fi model of the Samsung Series 5 500 Chromebook, running the latest stable version of the Chrome operating system. Hackers could use any of the installed software, including the kernel and drivers, to attempt their attacks.

A Google spokesperson confirmed the Pwnium 3 hacking contest completed without a winning entry, via the following statement:

Pwnium 3 has completed and we did not receive any winning entries. We are evaluating some work that may qualify as partial credit. Working with the security community is one of the best ways we know to keep our users safe, so we’re grateful to the researchers who take the time to help us in these efforts.

Chrome OS, which is a Linux-based operating system running a Chrome browser, may have been more difficult to hack thanks to ten bug fixes which arrived just before the competition. Six of these were high-level bugs and four earned payouts of $1,000-$2,000 from Google’s ongoing efforts to rewards researchers for finding bugs.

Pwnium 3 ran alongside the browser-focused Pwn2Own, which wraps up today. During day one of that event, all browsers except Safari proved vulnerable to attacks, but only because none of the entrants decided to take on Safari this year. The Chrome browser issue discovered yesterday has now been fixed. During day 2, Adobe Reader, Flash and Java also fell.”

Makerbot Shows Off a Near Replicator at South-by-Southwest

Scan an object and then 3D print the object? So, is this a first generation Star Trek replicator?

MakerBot announces 3D ‘Digitizer’ prototype to scan your world, then print it out

“MakerBot founder Bre Pettis today announced the Digitizer Desktop 3D Scanner prototype it intends to sell alongside its Replicator 3D printers. The scanner uses a combination of cameras and lasers to scan an object and create a digital file that can then be printed using one of MakerBot’s replicators. The company says you won’t need any experience with design or 3D modeling software to make use of the scanner, and wants to see it used by businesses, educational facilities, and in the home. The Digitizer will launch this fall, Pettis said.

‘The MakerBot Digitizer is an innovative new way to take a physical object, scan it, and create a digital file — without any design, CAD software or 3D modeling experience at all — and then print the item again and again on a MakerBot Replicator 2 or 2X Desktop 3D Printer,’ Pettis said. The Digitizer is capable of scanning objects up to 8 inches by 8 inches in less than three minutes. As the Digitizer scans your object, it spins in a circle on top of a platform. ‘This is kind of like what happened when Flynn (in Tron) gets digitized into the game grid,’ Pettis said. ‘This takes us from being a 3D printer company into being a company that’s building out a 3D ecosystem.’

Before Pettis revealed the actual Digitizer, he delved into some of the ways people around the world are using MakerBot. One dad made orthotics so his daughter could appear tall enough to ride a rollercoaster, payments startup LevelUp prototyped a new phone scanner, and Pettis himself made shot glasses. Some MakerBot-built products will have an even bigger impact on our lives, Pettis said. ‘Our biggest customer is NASA, which just makes the nerd in me so happy,’ he said. ‘They can make cheap prototypes on our machines before using their high end one.'”