According to Google, the word “superstition” is defined as a “widely held but unjustified belief in supernatural causation leading to certain consequences of an action or event, or a practice based on such a belief.” I consider myself rather superstitious, and you’ll often see me knocking on wood, not walking under a ladder, or making sure my lucky red luggage tag is in place when I’m traveling. Do they work all the time? Not 100 percent but close enough, I tell myself. So why do I still do my little rituals? Perhaps you can attribute my behavior to the theory attributed to American psychologist and behaviorist B.F. Skinner called the “partial reinforcement effect.” Unlike Ivan Pavlov, who discovered the concept of classical conditioning (remember Pavlov’s dog?), B.F. Skinner found that by reinforcing an organism only sometimes and not every time a desired behavior occurs, that organism is more resistant to extinction than an organism that receives reinforcement every time. Basically, I am going to live forever because I am able to develop a tolerance for frustration and adapt in an unpredictable world. But I digress…
I learned about a new superstition last week on a fishing trip with the TippingPoint DVLabs and Zero Day Initiative teams. As we were boarding the boat, the captain noticed that a ship next to us had bananas on it and told us that they are bad luck. We also had bananas on our boat, but got rid of them before we cruised off into the water. There are numerous reasons why fishermen believe bananas are bad luck, but the one that seemed the most reasonable to me stems from the 1700s. The wooden sailing boats of that time had to move quickly to deliver bananas before they spoiled and fishermen had a hard time trying to fish on such fast-moving boats. While we were on a more modern boat with a very fast gas engine, the centuries-old bananas superstition unleashed its fury on our fishing poles. There would be no fish for us that day; however, we had our own “Prawn2Own” event and caught a large batch of prawns and crabs. We even had an octopus join the party!
At the Pwn2Own event last week in Vancouver, not even a lucky rabbit’s foot could keep vendors immune from the vulnerabilities that were discovered during the contest. After all was said and done, our Zero Day Initiative awarded $460,000 USD to researchers for a total of 21 vulnerabilities across Adobe, Apple, Google and Microsoft products. The winners of the competition, Tencent Security Team Sniper (KeenLab and PC Manager), received a total of $142,500 USD, a snazzy ZDI “Master of Pwn” smoking jacket and an impressive ZDI trophy. But what we get in return is priceless: We get the vulnerability information first and protect our TippingPoint customers before anyone else! Congratulations to Tencent Security Team Sniper (KeenLab and PC Manager) for being named the “Master of Pwn” and congratulations to the Zero Day Initiative and DVLabs for a great event!
Here are some videos and blogs to get you updated on all the details and action from last week!
|
|
We also garnered significant press as a result of the event, with over 95 articles from 23 countries so far! Here’s a quick sampling of the articles generated as a result of the event:
Zero-Day Filters
There are 15 new zero-day filters covering four vendors this week. The 10 zero-day filters listed below in green are from this year’s Pwn2Own contest. A number of existing filters in this week’s package were modified to update the filter description, increase filter accuracy and/or optimize performance. You can browse the list of published advisories and upcoming advisories on the Zero Day Initiative web site.
Vendor: Adobe (6)
|
|
Vendor: Apple (3)
|
|
Vendor: Google (4)
|
|
Vendor: Microsoft (2)
|
|
