At the CanSecWest security conference in Vancouver BC, hackers were invited to find and exploit holes in modern browsers. A popular target for hackers at this year’s conference was Safari on a Mac — definitely the lowest hanging fruit.

Charlie Miller explains that it’s not whether a product has holes (all of them do), its how easy it is to exploit those holes — and on a Mac, it’s very simple:

It’s clear that all three browsers (Safari, IE and Firefox) have bugs. Code execution holes everywhere. But that’s only half the equation. The other half is exploiting it. There’s almost no hurdle to jump through on Mac OS X.

Hummm now that is the first time I heard that statement, Baldy

A worm has been used to build a botnet consisting of DSL routers running Linux, which may be still evolving, according to security training organisation the Sans Institute.

After becoming infected, the network of routers was used to launch a denial-of-service attack earlier in March against DroneBL, an organisation that maintains a DNS blacklist. Sans Institute handler GN White reported the issue in a blog post on Tuesday, noting that there was a chance the bot was “still evolving”.

Readthe Rest of the Article

VANCOUVER, BC — Charlie Miller has done it again. For the second consecutive year, the security researcher hacked into a fully patched MacBook computer by exploiting a security vulnerability in Apple’s Safari browser.

“It took a couple of seconds. They clicked on the link and I took control of the machine,” Miller said moments after his accomplishment.

The contest kicked off at exactly 3:15 PM and, within seconds, Miller launched his drive-by attack and claimed the $10,000 top prize. He also got to keep the MacBook machine.

Read the Rest of the Article

Apparently, Internet Explorer is on its way out. JCXP.net is saying that Internet Explorer 8 will be the last traditional version of Microsoft’s web browser, and that Microsoft’s next web browser will be based on a promising Microsoft Research project dubbed “Gazelle”.

Reading through the Microsoft Research paper on Gazelle, it becomes clear that it is an intricate beast. It relies on a “browser kernel”, 5000 lines of C# code, that exposes the underlying system to webpages using a set of system calls. Web content does not interact with the actual operating system at all; all communication goes through the sandboxed browser kernel. The browser kernel takes care of all resource protection and sharing.

Okay I will beleive it when I see it, Baldy

You can read the rest of the article here

globeandmail.com: Have YouTube, will travel: Australia’s experiment in social media

Have YouTube, will travel: Australia’s experiment in social media
It was an offer the wired generation couldn’t refuse: Earn $150,000 by relaxing on a Pacific island and blogging about it. Now, after an extensive online contest, seven Canadians are among the 50 vying for the ‘best job in the world’

iTWire – Can Microsoft’s Kumo take on Google’s Sumo

Once again one of Microsoft’s worst kept secrets has been leaked, this time a new search engine called Kumo, that is supposed to especially good at searching for images. Is Kumo the saviour that Microsoft has been waiting for to take on Google’s 800 pound sumo or is it just a warmed up version of Live Search?

World’s largest Linux desktop deployment?

Calgary, Alberta-based desktop virtualization vendor Userful announced what it claims is the world’s largest deployment of Linux desktops. Working with the Brazilian government and virtual terminal vendor ThinNetworks, the company has won a contract to deploy 356,800 virtualized “Userful Multiplier” desktops to Brazilian schools.

Hands-on: fat-free Xfce 4.6 has nice new features – Ars Technica

Ars takes a test drive with Xfce 4.6, the latest version of the popular lightweight desktop environment. Our hands-on testing reveals that this mouse can roar.

Linux Foundation has bought Linux.com – Computerworld Blogs

The Linux Foundation has long wanted the Linux.com domain name for obvious reasons. For a long time SourceForge, formerly VA Linux Systems, kept the site, but the company has now sold Linux.com to the Foundation.

Sources close to the deal say that the deal was made because, — an all too familiar story these days — the company needed the money. SourceForge, had, in addition to its well-known open-source eponymous code Web site, been in the media business. In December 2008, however, the company laid off the bulk of its NewsForge editorial staff. NewsForge was hosted at Linux.com. The Linux.com site then became something of a placeholder site, which held only a discussion forum.