12-03-2011, 04:29 AM
Internet Explorer and Safari suck (Pwn2Own)
Pwn2Own is an annual, three-day long browser hackathon. One the first day, two browsers have already been owned, not surprisingly, Internet Explorer 8 on Windows 7 64-bit, and Safari 5 on Mac OS X.
Internet Explorer 8 was thoroughly destroyed by independent researcher Stephen Fewer. "He used three vulnerabilities to bypass ASLR and DEP, but also escape Protected Mode. That's something we've not seen at Pwn2Own before," said Aaron Portnoy, the organizer of Pwn2Own.
Safari 5, running on a MacBook Air, was compromised in just five seconds by French security company Vupen. Both attackers netted $15,000 for successfully compromising a browser.
The contest continues today and tomorrow. Firefox 3.6 is yet to be attacked, and tomorrow will see the very first mobile browser deathmatch. Windows Phone 7, iOS, Android and RIM OS, all with their stock browsers, will be attacked by security researchers to find out just how secure mobile browsing is. Again, $15,000 is available for the first person or team to compromise each of the browsers.
Google, Apple and Mozilla, incidentally, all rolled out updates to their browsers just before Pwn2Own. It was not a coincidence.
I'm crossing my fingers for Chrome to go next. *Stupid thing calls its self a browser*
Pwn2Own is an annual, three-day long browser hackathon. One the first day, two browsers have already been owned, not surprisingly, Internet Explorer 8 on Windows 7 64-bit, and Safari 5 on Mac OS X.
Internet Explorer 8 was thoroughly destroyed by independent researcher Stephen Fewer. "He used three vulnerabilities to bypass ASLR and DEP, but also escape Protected Mode. That's something we've not seen at Pwn2Own before," said Aaron Portnoy, the organizer of Pwn2Own.
Safari 5, running on a MacBook Air, was compromised in just five seconds by French security company Vupen. Both attackers netted $15,000 for successfully compromising a browser.
The contest continues today and tomorrow. Firefox 3.6 is yet to be attacked, and tomorrow will see the very first mobile browser deathmatch. Windows Phone 7, iOS, Android and RIM OS, all with their stock browsers, will be attacked by security researchers to find out just how secure mobile browsing is. Again, $15,000 is available for the first person or team to compromise each of the browsers.
Google, Apple and Mozilla, incidentally, all rolled out updates to their browsers just before Pwn2Own. It was not a coincidence.
I'm crossing my fingers for Chrome to go next. *Stupid thing calls its self a browser*