taiyoryu May 10, 2011
FTA: But VUPEN does not intend to release the 0-day code or technical details to the public or to Google. Instead, the security firm will share the Chrome exploit "exclusively" with Government customers of its vulnerability research services.
I can understand not sharing with the public, but the fact that the company won't share with Google shows they are not whitehats. In fact, disclosing the exploit to Google would undermine their business model.
peppermintpig May 10, 2011
Giving it to the government is a massive red flag.
CottonPickingDigger May 12, 2011
Wait, so does this make them Red Hats?
And yes, I am aware of the fact that I just made a very lame joke.
krazedkaoz May 10, 2011
whitehats? says who?
wturkal May 10, 2011 (Staff)
It's just antisocial to not share the details of the exploit. I'm sure this route makes more economic sense, but this behavior really shows the worst side of the security exploit industry.
thephantompig May 10, 2011
I understand what you are saying. However, this company is a for-profit enterprise and this is the product they sell. They will not give it away. That being said, I'm not sure you could call them "whitehats" since they will sell the exploit info to whomever is willing to pay them.
peppermintpig May 10, 2011
Their 'business model' is oriented around selling or giving exploits to government agents, whom we all know would NEVER abuse it... that makes them parasites.
wturkal May 11, 2011 (Staff)
I agree. Calling them "whitehats" is disingenuous at best.
tomtuts May 10, 2011
I think they should at least be willing to sell the information to Google.
itsmikeh May 11, 2011
What kind of security company writes 'pwned'? Jesus, I really hope people don't actually turn to them for a professionally mannered security firm.
thewriteguy May 10, 2011
Not "whitehats". These guys sound like the equivalent of private military contractors or tech mercs -- like they aspire to be the Blackwater of hacker security firms.
enantiodromia May 10, 2011
right. people who hack for legit businesses.
as opposed to them working for the russian mafia.
which do you prefer?
brathor May 10, 2011
So, VUPEN managed to hack Chrome using an extremely complex code. From my understanding, almost anything can be hacked with enough persistence, so this isn't very surprising. The thing is, Chrome's competitors have a track record of being much easier to exploit. From the article, "VUPEN shamed Safari 5 in only five seconds and then walked away with a new MacBook Air notebook and $15,000." Doesn't that mean that Chrome, then, is still the most secure of the popular browsers?
(x-posted to the actual article)
enantiodromia May 10, 2011
"five seconds" plus "months of actual hacking and research".
now they have done the same hacking and research on chrome, and can now "shame it in five seconds".
you don't actually believe they walked up to a laptop and came up with a new hack in five seconds, do you?
if anything, we can say "both webkit based browsers are now compromised by the same team".
johnomazz May 11, 2011
You're right, but at the same time, they didn't bother trying Chrome back then? You could say there was far more research required for Chrome and they didn't have it finished.
havocstyles May 10, 2011
Can't pee in my sandbox as it related only to winblows =) Original submitter should not have omitted that little fact ;)
theyar May 10, 2011
I don't know, the Vupen article says any Chrome installation.
havocstyles May 10, 2011
"it relies on undisclosed (0day) vulnerabilities discovered by VUPEN and it works on all Windows systems (32-bit and x64)."
If it worked on Linux or Mac they would state that ;)
johnomazz May 11, 2011
It also says it doesn't use any Windows Kernel exploits. Most likely it's because the software they put onto systems is Windows-based. Give it time fanboy.
graeh May 11, 2011
Their sandbox has 95% of the fun toys. So, you may be free of pee, but you can always wash that off. The smugness, well, that just reeks from below the skin.
doskraut May 10, 2011
when the government is involved look out.
emfk May 10, 2011
Loved @VUPEN's tweet!
kmarcini May 11, 2011
hmm... on Windows only though...
graeh May 11, 2011
That's what the logo on the box of most of the software ever made says.
sanket2011 May 11, 2011
shocking information..
laurahouston May 11, 2011
years ago a game developer said of hackers, "If you make it, they will come".
npisthoj May 10, 2011
so was this part of that security hack that Google sponsored?
michirican123 May 11, 2011
Am I safe if I use a Mac?
jacleseau May 10, 2011
Well, I'm glad that it was some whitehats that found this first. I hope the supergeeks at Google get a fix out soon.
kingfog May 11, 2011
Except said "whitehats" have already said they aren't going to give details of the hack to Google...
Did you not read the article?
johnomazz May 11, 2011
Now that Google knows something exists, you know they will be on it to get it taken care of.
bluenile May 10, 2011
You pain