The Category5.TV Newsroom

Here are the stories we're following for the week of Wednesday November 16, 2016

The results from PwnFest are in: Google Pixel was pwned in just 60 seconds, and the Chinese hacker teams killed Safari and laugh at a four-second Flash hack.

The Google Pixel fell to a team of Chinese hackers alongside Apple Safari and Adobe Flash at the PwnFest hacking competition in Seoul last week.

Mountain View's latest offering was smashed by white-hat friendlies from Qihoo 360, who used an undisclosed vulnerability to gain remote code execution for $120,000 cash prize.

The exploit launched the Google Play store before opening Chrome and displaying a web page reading "Pwned By 360 Alpha Team".

Google said the Chrome bug that Keen Team found was patched within 24 hours of the event and the changes have already been released into the stable branch by the Chrome team.

It was the second time in as many weeks that the Pixel has been compromised.

The first still-unpatched zero day was unveiled at the Mobile Pwn2Own event in Japan.

Hackers also showcased this exploit at PwnFest, showing how they could compromise all aspects of the phone including contacts, photos, messages, and phone calls.

Qihoo 360 also breached Adobe Flash with a flick of the finger, scoring a prize of $120,000 for that hack.

It took four seconds for Flash to fall.

Qihoo 360 hackers walked away with more than 1/2 million dollars in prize money.

The hacks concluded PwnFest, which also saw Microsoft Edge hacked and the first-ever zero day exploits against VMWare Workstation.

Source: www.theregister.co.uk

Sent to us by: Roy W. Nash

Samsung has purchased connected car firm Harman for $8bn in cash.

Samsung Electronics is buying automotive electronics-maker Harman International Industries for $8bn, as it makes a big push into connected car technologies.

Internet-connected cars will improve in-car entertainment, and be able to help with crash alerts and diagnosing engine problems.

It will also be key for driverless technology.

Samsung said automotive electronics was "a strategic priority".

The deal is the biggest overseas purchase made by a South Korean firm, and comes as Samsung is looking to recover from the withdrawal of its Galaxy Note 7 smartphone.

Source: www.bbc.com

Sent to us by: Roy W. Nash

A lone laptop computer can take down an entire server farm in a newly discovered type of denial-of-service attack.

Researchers said they have discovered a simple way lone attackers with limited resources can knock large servers offline when they're protected by certain firewalls.

The denial-of-service technique requires volumes of as little as 15 megabits, or about 40,000 packets per second, to cut off the Internet connection of vulnerable servers.

The requirements are in stark contrast to recent attacks targeting domain name service provider Dyn and earlier security site KrebsOnSecurity and French Web host OVH. Those assaults bombarded sites with volumes approaching or exceeding 1 terabit per second.

Researchers from Denmark-based TDC Security Operations Center have dubbed the new attack technique "BlackNurse".

In a blog post published Wednesday, the researchers wrote: "The BlackNurse attack attracted our attention, because in our anti-DDoS solution we experienced that even though traffic speed and packets per second were very low, this attack could keep our customers' operations down. This even applied to customers with large internet uplinks and large enterprise firewalls in place. We had expected that professional firewall equipment would be able to handle the attack."

Because the attack uses high CPU load on the firewall in contrast to the traditional DDOS which requires high amounts of traffic, it doesn't matter if the server is behind a 10 Mbit/sec or a Gigabit connection.

According to researchers from Netresec, a security firm that collaborated with TDC Security on the research, the attack works against firewalls from Cisco Systems, Palo Alto Networks, SonicWall, and Zyxel.

Source: arstechnica.com

Sent to us by: Roy W. Nash

The BBC has confirmed it will launch a new virtual reality film, The Turning Forest, next week.

We've been saying VR video is about to catch on, and now the BBC has announced the debut of a virtual reality movie, The Turning Forest.

The fairy tale will be made available for free on Daydream, Google's mobile virtual reality product.

Daydream is a mobile headset which covers the eyes of the user and immerses them in the film they are watching.

The corporation has released a trailer for the experimental project ahead of its release within the next week.

The BBC said the project is part of the corporation's drive to explore emerging technology and new storytelling mediums for future audiences.

The Turning Forest debuted at the 2016 Tribeca Film Festival, and was originally created for the Oculus Rift.

The BBC said the film has now been enhanced to further improve the sound design and introduce new controller interactions.

Zillah Watson, executive producer of BBC R&D, said: "The Turning Forest is unique in that it's been designed from the sound up, using state-of-the-art audio to help transport people to a magical world.

"It takes advantage of decades of research and experience from our own team, partners and universities to create a beautiful soundscape that we hope people will love."

The Turning Forest has been produced by the BBC's Research & Development team in collaboration with virtual reality production studio VRTOV.

Source: www.bbc.com

Sent to us by: Roy W. Nash