I really wish they would have tested IE9...but not being released yet means they won't...because pre-release versions of something are just that, unfinished and not ready for prime-time.
Contestants in a high-stakes hacking contest had no trouble toppling the Apple Safari and Microsoft Internet Explorer browsers, proving for a fifth year in a row that no software or application is safe from people with the expertise and motivation to exploit them.
The attacks came on Day One of the Pwn2Own contest, which pays more than $15,000 apiece for exploits that successfully give the attacker full remote access of the targeted machine. Wednesday's event saw hackers take complete control of a fully patched Sony Vaio and MacBook Air by compromising IE and Safari respectively. Google's Chrome browser was also up for grabs, but no one stepped forward to try hacking it.
Do you guys know if they test Opera? I would be really curious to see the results for that one. I don't like the idea that they are just going after FF 3.6, and IE8, instead of the 4 and 9 respectively... Nonetheless, the results should be interesting.
Do you guys know if they test Opera? I would be really curious to see the results for that one. I don't like the idea that they are just going after FF 3.6, and IE8, instead of the 4 and 9 respectively... Nonetheless, the results should be interesting.
Because they are aren't released yet, pointless testing development software, wouldn't really be fair plus their usage won't be as wide spread as the stable versions.
That is quite true, good point. Well, I'll have to wait to see next year. :) I just looked up the results for the fall of IE8, they bypassed ASLR, DEP, and the protected mode. Pwn2own said that they never saw that before... And like you said, Apple seriously needs to step up their game. I have read multiple articles that Apple's security is definitely lacking...
One always has to queestion the motivations of the participants. EVERYONE wants to bag on IE, but what street cred to you get from poking holes in everyones hero Opera?
That is quite true, good point. Well, I'll have to wait to see next year. :) I just looked up the results for the fall of IE8, they bypassed ASLR, DEP, and the protected mode. Pwn2own said that they never saw that before...
I honestly don't expect the situation with IE to improve much by next year. Honestly, they were supposed to be better with IE6 (and weren't), IE7 (and weren't), IE8 (well, we all now how secure that has been), and now here comes IE8.
Windows 911 said:
And like you said, Apple seriously needs to step up their game. I have read multiple articles that Apple's security is definitely lacking...
Apple doesn't have enough customers for it to really matter.
One always has to queestion the motivations of the participants. EVERYONE wants to bag on IE, but what street cred to you get from poking holes in everyones hero Opera?
That is a very poor accessment of Opera. If you take the time to check, all of those vulnerabilities have been fixed in the current version. What does make a browse insecure, such as IE has always been in the past, is that a known vulnerability is not fixed, or worse that some are never published so that the users are unaware of them.
Opera has ALWAYS been the most secure browser available. That does not mean that it is perfect, nor that faults will never be found, it means that once a vulnerability is known, Opera fixes it VERY rapidly.
I think many of the contestants in Pwn2Own use Opera for their browser. I wonder which one is more secure, Chrome or Opera? I personally like Opera a bit more because of its fantastic Software acceleration and more personal options to choose from.
Well yes, of course they are all fixed, but given that they are being found at a steady rate, it's pretty safe to assume that it still has some, in fact probably a lot. Until the discoveries slow down to one or two a year, the software is guaranteed to contain plenty more waiting to be discovered.
Sentences like this "Google's Chrome browser was also up for grabs, but no one stepped forward to try hacking it." speaks voolumes about the fairness of it all.
Given that Safari and Chrome are based on the same base layout engine, it's entirely likely to suffer a lot of the same flaws. Why aren't people going after it? If Google makes it through because no one dared to suffer community retribution for even trying, does it get to claim it survived too? :)
So again, if Opera makes it through unscathed it's far more likely it's because no one bothered to try very hard... The people that do the hacking as well as the contests are so religeously polarized you can't judge much at all by the outcomes, and that's really a shame
https://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2015-Day-Two-results/ba-p/6722884
Oooh goody. I am sure we can all look forward to out-of-band/critical updates next week. Firefox has already gone to v36.0.4