IE and Safari out at Pwn2Own on day 1

Page 1 of 4 123 ... LastLast

    IE and Safari out at Pwn2Own on day 1


    Posted: 10 Mar 2011
    I really wish they would have tested IE9...but not being released yet means they won't...because pre-release versions of something are just that, unfinished and not ready for prime-time.

    Making sport of browser security, hackers topple IE, Safari • The Register

    Contestants in a high-stakes hacking contest had no trouble toppling the Apple Safari and Microsoft Internet Explorer browsers, proving for a fifth year in a row that no software or application is safe from people with the expertise and motivation to exploit them.


    The attacks came on Day One of the Pwn2Own contest, which pays more than $15,000 apiece for exploits that successfully give the attacker full remote access of the targeted machine. Wednesday's event saw hackers take complete control of a fully patched Sony Vaio and MacBook Air by compromising IE and Safari respectively. Google's Chrome browser was also up for grabs, but no one stepped forward to try hacking it.

    Google's Chrome untouched at Pwn2Own hack match - Computerworld
    If Chrome comes out unscathed, as it now appears it will, the browser will have survived three consecutive Pwn2Owns, a record.

    Firefox testing was expected to commence today.
    pparks1's Avatar Posted By: pparks1
    10 Mar 2011



  1. Posts : 195
    Windows 7 Ultimate x64 SP1
       #1

    I knew there was a good reason why I was using Chrome

    Apple need to up their security a lot more, that result is really really poor, IE8 well who's surprised about that one, not me that's for sure.

    Hopefully Firefox's security can hold out.
      My Computer


  2. Posts : 64
    Windows 8 Pro
       #2

    Do you guys know if they test Opera? I would be really curious to see the results for that one. I don't like the idea that they are just going after FF 3.6, and IE8, instead of the 4 and 9 respectively... Nonetheless, the results should be interesting.
      My Computer


  3. Posts : 195
    Windows 7 Ultimate x64 SP1
       #3

    Windows 911 said:
    Do you guys know if they test Opera? I would be really curious to see the results for that one. I don't like the idea that they are just going after FF 3.6, and IE8, instead of the 4 and 9 respectively... Nonetheless, the results should be interesting.
    Because they are aren't released yet, pointless testing development software, wouldn't really be fair plus their usage won't be as wide spread as the stable versions.
      My Computer


  4. Posts : 64
    Windows 8 Pro
       #4

    That is quite true, good point. Well, I'll have to wait to see next year. :) I just looked up the results for the fall of IE8, they bypassed ASLR, DEP, and the protected mode. Pwn2own said that they never saw that before... And like you said, Apple seriously needs to step up their game. I have read multiple articles that Apple's security is definitely lacking...
      My Computer


  5. Posts : 2,528
    Windows 7 x64 Ultimate
       #5

    They can't be trying very hard on Opera given the number of vulnerabilities found in it over the last year :/

    http://secunia.com/advisories/search/?search=opera

    One always has to queestion the motivations of the participants. EVERYONE wants to bag on IE, but what street cred to you get from poking holes in everyones hero Opera?
      My Computer


  6. Posts : 7,878
    Windows 7 Ultimate x64
    Thread Starter
       #6

    Windows 911 said:
    That is quite true, good point. Well, I'll have to wait to see next year. :) I just looked up the results for the fall of IE8, they bypassed ASLR, DEP, and the protected mode. Pwn2own said that they never saw that before...
    I honestly don't expect the situation with IE to improve much by next year. Honestly, they were supposed to be better with IE6 (and weren't), IE7 (and weren't), IE8 (well, we all now how secure that has been), and now here comes IE8.


    Windows 911 said:
    And like you said, Apple seriously needs to step up their game. I have read multiple articles that Apple's security is definitely lacking...
    Apple doesn't have enough customers for it to really matter.
      My Computer


  7. Posts : 6,618
    W7x64 Pro, SuSe 12.1/** W7 x64 Pro, XP MCE
       #7

    fseal said:
    They can't be trying very hard on Opera given the number of vulnerabilities found in it over the last year :/

    Search - Advisories - Community

    One always has to queestion the motivations of the participants. EVERYONE wants to bag on IE, but what street cred to you get from poking holes in everyones hero Opera?
    That is a very poor accessment of Opera. If you take the time to check, all of those vulnerabilities have been fixed in the current version. What does make a browse insecure, such as IE has always been in the past, is that a known vulnerability is not fixed, or worse that some are never published so that the users are unaware of them.

    Opera has ALWAYS been the most secure browser available. That does not mean that it is perfect, nor that faults will never be found, it means that once a vulnerability is known, Opera fixes it VERY rapidly.
      My Computer


  8. Posts : 64
    Windows 8 Pro
       #8

    I think many of the contestants in Pwn2Own use Opera for their browser. I wonder which one is more secure, Chrome or Opera? I personally like Opera a bit more because of its fantastic Software acceleration and more personal options to choose from.
      My Computer


  9. Posts : 2,528
    Windows 7 x64 Ultimate
       #9

    Well yes, of course they are all fixed, but given that they are being found at a steady rate, it's pretty safe to assume that it still has some, in fact probably a lot. Until the discoveries slow down to one or two a year, the software is guaranteed to contain plenty more waiting to be discovered.

    Sentences like this "Google's Chrome browser was also up for grabs, but no one stepped forward to try hacking it." speaks voolumes about the fairness of it all.

    Given that Safari and Chrome are based on the same base layout engine, it's entirely likely to suffer a lot of the same flaws. Why aren't people going after it? If Google makes it through because no one dared to suffer community retribution for even trying, does it get to claim it survived too? :)

    So again, if Opera makes it through unscathed it's far more likely it's because no one bothered to try very hard... The people that do the hacking as well as the contests are so religeously polarized you can't judge much at all by the outcomes, and that's really a shame
      My Computer


 
Page 1 of 4 123 ... LastLast

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 11:17.
Find Us