Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: IE and Safari out at Pwn2Own on day 1


10 Mar 2011   #1

Windows 7 Ultimate x64
 
 
IE and Safari out at Pwn2Own on day 1

I really wish they would have tested IE9...but not being released yet means they won't...because pre-release versions of something are just that, unfinished and not ready for prime-time.

Making sport of browser security, hackers topple IE, Safari • The Register

Quote:
Contestants in a high-stakes hacking contest had no trouble toppling the Apple Safari and Microsoft Internet Explorer browsers, proving for a fifth year in a row that no software or application is safe from people with the expertise and motivation to exploit them.


The attacks came on Day One of the Pwn2Own contest, which pays more than $15,000 apiece for exploits that successfully give the attacker full remote access of the targeted machine. Wednesday's event saw hackers take complete control of a fully patched Sony Vaio and MacBook Air by compromising IE and Safari respectively. Google's Chrome browser was also up for grabs, but no one stepped forward to try hacking it.

Google's Chrome untouched at Pwn2Own hack match - Computerworld
Quote:
If Chrome comes out unscathed, as it now appears it will, the browser will have survived three consecutive Pwn2Owns, a record.

Firefox testing was expected to commence today.


My System SpecsSystem Spec
.

10 Mar 2011   #2

Windows 7 Ultimate x64 SP1
 
 

I knew there was a good reason why I was using Chrome

Apple need to up their security a lot more, that result is really really poor, IE8 well who's surprised about that one, not me that's for sure.

Hopefully Firefox's security can hold out.
My System SpecsSystem Spec
10 Mar 2011   #3

Windows 8 Pro
 
 

Do you guys know if they test Opera? I would be really curious to see the results for that one. I don't like the idea that they are just going after FF 3.6, and IE8, instead of the 4 and 9 respectively... Nonetheless, the results should be interesting.
My System SpecsSystem Spec
.


10 Mar 2011   #4

Windows 7 Ultimate x64 SP1
 
 

Quote   Quote: Originally Posted by Windows 911 View Post
Do you guys know if they test Opera? I would be really curious to see the results for that one. I don't like the idea that they are just going after FF 3.6, and IE8, instead of the 4 and 9 respectively... Nonetheless, the results should be interesting.
Because they are aren't released yet, pointless testing development software, wouldn't really be fair plus their usage won't be as wide spread as the stable versions.
My System SpecsSystem Spec
10 Mar 2011   #5

Windows 8 Pro
 
 

That is quite true, good point. Well, I'll have to wait to see next year. I just looked up the results for the fall of IE8, they bypassed ASLR, DEP, and the protected mode. Pwn2own said that they never saw that before... And like you said, Apple seriously needs to step up their game. I have read multiple articles that Apple's security is definitely lacking...
My System SpecsSystem Spec
10 Mar 2011   #6

Windows 7 x64 Ultimate
 
 

They can't be trying very hard on Opera given the number of vulnerabilities found in it over the last year :/

http://secunia.com/advisories/search/?search=opera

One always has to queestion the motivations of the participants. EVERYONE wants to bag on IE, but what street cred to you get from poking holes in everyones hero Opera?
My System SpecsSystem Spec
10 Mar 2011   #7

Windows 7 Ultimate x64
 
 

Quote   Quote: Originally Posted by Windows 911 View Post
That is quite true, good point. Well, I'll have to wait to see next year. I just looked up the results for the fall of IE8, they bypassed ASLR, DEP, and the protected mode. Pwn2own said that they never saw that before...
I honestly don't expect the situation with IE to improve much by next year. Honestly, they were supposed to be better with IE6 (and weren't), IE7 (and weren't), IE8 (well, we all now how secure that has been), and now here comes IE8.


Quote   Quote: Originally Posted by Windows 911 View Post
And like you said, Apple seriously needs to step up their game. I have read multiple articles that Apple's security is definitely lacking...
Apple doesn't have enough customers for it to really matter.
My System SpecsSystem Spec
10 Mar 2011   #8

W7x64 Pro, SuSe 12.1/** W7 x64 Pro, XP MCE
 
 

Quote   Quote: Originally Posted by fseal View Post
They can't be trying very hard on Opera given the number of vulnerabilities found in it over the last year :/

Search - Advisories - Community

One always has to queestion the motivations of the participants. EVERYONE wants to bag on IE, but what street cred to you get from poking holes in everyones hero Opera?
That is a very poor accessment of Opera. If you take the time to check, all of those vulnerabilities have been fixed in the current version. What does make a browse insecure, such as IE has always been in the past, is that a known vulnerability is not fixed, or worse that some are never published so that the users are unaware of them.

Opera has ALWAYS been the most secure browser available. That does not mean that it is perfect, nor that faults will never be found, it means that once a vulnerability is known, Opera fixes it VERY rapidly.
My System SpecsSystem Spec
10 Mar 2011   #9

Windows 8 Pro
 
 

I think many of the contestants in Pwn2Own use Opera for their browser. I wonder which one is more secure, Chrome or Opera? I personally like Opera a bit more because of its fantastic Software acceleration and more personal options to choose from.
My System SpecsSystem Spec
10 Mar 2011   #10

Windows 7 x64 Ultimate
 
 

Well yes, of course they are all fixed, but given that they are being found at a steady rate, it's pretty safe to assume that it still has some, in fact probably a lot. Until the discoveries slow down to one or two a year, the software is guaranteed to contain plenty more waiting to be discovered.

Sentences like this "Google's Chrome browser was also up for grabs, but no one stepped forward to try hacking it." speaks voolumes about the fairness of it all.

Given that Safari and Chrome are based on the same base layout engine, it's entirely likely to suffer a lot of the same flaws. Why aren't people going after it? If Google makes it through because no one dared to suffer community retribution for even trying, does it get to claim it survived too?

So again, if Opera makes it through unscathed it's far more likely it's because no one bothered to try very hard... The people that do the hacking as well as the contests are so religeously polarized you can't judge much at all by the outcomes, and that's really a shame
My System SpecsSystem Spec
Reply

 IE and Safari out at Pwn2Own on day 1




Thread Tools



Similar help and support threads for2: IE and Safari out at Pwn2Own on day 1
Thread Forum
Pwn2Own: Down go all the browsers Security News
help my safari Software
CanSecWest Pwn2Own Victories System Security
iPhone, Safari, IE8, Firefox fall on day one of Pwn2Own News
Pwn2Own: Hacker busts IE8 on Windows 7. Security News
Safari 4.0 Browsers & Mail
Safari Browsers & Mail

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 10:31 PM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33