

Windows 7: IE and Safari out at Pwn2Own on day 1

11 Mar 2011   #31
Tepid

Win 7 Ultimate 32bit
 
 

I never said it would be easy.

But flat out assuming certain things, such as... "chrome is safe, cause no one is testing it" is an absurd argument.

Try making that claim on anything else. It just doesn't work that way.

Quote:
Google patched 25 vulnerabilities in Chrome today in one last update before the Pwn2Own hacking contest starts Wednesday in Canada.
I wonder why no one is taking on the challenge then. And 25, is considered safe?
In other words, there is a reason no one is touching it, but it has ZERO to do with it being safe.
It has more to do with the fact that they plugged a bunch of holes and that's it.

So, it's a facade.

Just cause no one is testing it does not mean it is the safest browser.
It just means no one has either had time, nor spent time on finding other holes that did not get discovered and patched yet a day before the event.

Claiming they survive day one (cause again, no one tested it) is a good thing is a fallacy due to that very fact.


11 Mar 2011   #32
malexous

Arch Linux 64-bit
 
 

Quote:
This year, the software was frozen last week, preventing the use of last-minute patches to avoid exploitation. Successful exploits of the week-old configuration win the hardware, and if the exploit still exists in the latest software, money is also paid out for the flaw.
Pwn2Own day 2: iPhone, BlackBerry beaten; Chrome, Firefox no-shows
11 Mar 2011   #33
Tepid

Win 7 Ultimate 32bit
 
 

Quote: Originally Posted by malexous
Quote:
This year, the software was frozen last week, preventing the use of last-minute patches to avoid exploitation. Successful exploits of the week-old configuration win the hardware, and if the exploit still exists in the latest software, money is also paid out for the flaw.
Pwn2Own day 2: iPhone, BlackBerry beaten; Chrome, Firefox no-shows
Hmmmm... Are you sure about that?

Google issues last-minute Chrome fixes before Pwn2Own - Computerworld - March 8, 2011 04:09 PM ET


Google issues last-minute Chrome fixes before Pwn2Own | ITworld - March 9, 2011, 11:30 AM

Google issues last-minute Chrome fixes - Bing

11 Mar 2011   #34
Everlong

 

Everyone knows the vulnerabilities are there, that's no secret - it's finding a way to exploit these vulnerabilities, and write the exploit, that's the problem because of Chrome's sandbox.
12 Mar 2011   #35
pparks1

Windows 7 Ultimate x64
 
 

Quote: Originally Posted by Tepid
Quote: Originally Posted by malexous
Quote:
This year, the software was frozen last week, preventing the use of last-minute patches to avoid exploitation. Successful exploits of the week-old configuration win the hardware, and if the exploit still exists in the latest software, money is also paid out for the flaw.
Pwn2Own day 2: iPhone, BlackBerry beaten; Chrome, Firefox no-shows
Hmmmm... Are you sure about that?
Yes, pretty sure about that. If you read what malexous posted above, he says exactly the same thing that I am going to explain in a few more words below.

If you followed the past Pwn2Own competitions, the requirement was to test against the latest version of the software under attack...even if it was released the morning of the show.

This year, the software was frozen the week prior, preventing the use of new patches to avoid exploitation. If you beat the frozen version, you win the hardware prizes of the competition. If you beat the browser on the latest version as of day of the show, you win the money.

As you can see from this link, Apple too included new patches resolving 60 vulnerabilities right before the start of the conference;
Pwn2Own 2011: On cue, Apple drops massive Safari, iOS patches | ZDNet

And this article explains that while Microsoft also had the opportunity to patch IE8 before the show, they elected not to;
Microsoft Releases Zero IE8 Security Updates Before "Pwn2Own" Browser Hacking Contest | News & Opinion | PCMag.com

So, it's not like Google tried to sneak a fast one past everybody. They played by the same rules as everybody else. Everybody else had the same opportunity. And even with patches being allowed, other browsers allowed machine ownership, and some did not.

Quote: Originally Posted by Everlong
Everyone knows the vulnerabilities are there, that's no secret - it's finding a way to exploit these vulnerabilities, and write the exploit, that's the problem because of Chrome's sandbox.
Thank you, that is exactly correct. Nobody is saying that Chrome is perfect, but in a competition with money on the line, the hackers dropped Safari and IE8 and gained full access to the machines. They didn't do the same with Firefox and Chrome.
13 Mar 2011   #36
A Guy

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium x64 SP1
 
 
Pwn2Own 2011: IE8 on Windows 7 hijacked with 3 vulnerabilities

Quote:
Using three different vulnerabilities and clever exploitation techniques, Irish security researcher Stephen Fewer successfully hacked into a 64-bit Windows 7 (SP1) running Internet Explorer 8 to win this year’s CanSecWest hacker challenge.

Fewer (right), a Metasploit developer who specializes in writing Windows exploits, used two different zero-day bugs in IE to get reliable code execution and then chained a third vulnerability to jump out of the IE Protected Mode sandbox.
Source

A Guy