Monthly Archives: March 2017

LastPass hit by password stealing and code execution vulnerabilities | ZDNet

Oh dear. A password manager with vulnerabilities. The team’s response is troubling, to say the least. Let’s hope they are really more competent than that.

In an eyebrow-raising declaration, according to Ormandy, LastPass had said they couldn’t get his code execution exploit to work, however the security researcher was calling the Windows Calculator executable in his code, while LastPass was examining the code on a Mac.

Google cyber-sleuth Tavis Ormandy has returned to examining LastPass, and a new lot of vulnerabilities have been discovered.

Source: LastPass hit by password stealing and code execution vulnerabilities | ZDNet

Virtual machine escape fetches $105,000 at Pwn2Own hacking contest [updated]

Get this: you are running Microsoft Edge in a VM and visiting a website. Your VM gets compromised and the malware jumps out of the VM to the host. The Qihoo security team has been coming up with a number of very impressive hacks.

Hack worked by stitching together three separate exploits.

Source: Virtual machine escape fetches $105,000 at Pwn2Own hacking contest [updated]

Amazon AWS S3 outage is breaking things for a lot of websites and apps

One of Amazon’s AWS services – specifically S3 – goes down (and recovers eventually), and many sites are affected. It’s not as bad as the Dyn DDoS attack, but it’s a reminder of how many companies now rely on Amazon to power their services.

Amazon’s S3 web-based storage service is experiencing widespread issues, leading to service that’s either partially or fully broken on websites, apps and..

Source: Amazon AWS S3 outage is breaking things for a lot of websites and apps

Edit (2017-03-03): Amazon released a summary of what happened. The tl;dr version is this: fat-fingered engineer.