Safari hacked in a flash at Pwn2Own 2009, Firefox and IE8 follow
Security pro Charlie Miller came in to Pwn2Own 2009 with a plan, and things unfolded exactly the way he wanted them to. Within seconds of the competition's start, he had already gained control over the fully-patched MacBook running Apple's Safari web browser.
"It took a couple of seconds. They clicked on the link and I took control of the machine," said Miller. It's safe to say that when Apple proclaimed Safari "the fastest browser on the planet," that they weren't referring to how soon it would fail at the competition.
None of the three browsers on display made it out unscathed: a competitor known only as Nils was the next to overcome Safari, and he later took down Firefox and Internet Explorer 8. It's an important reminder to all of us that - regardless of what browser we're using - someone out there is hard at work looking for an exploit that could put us at risk, too.
[via ZDnet]
Comments (6)

PT, Mar 19th 2009 10:10AM
Nothing I wouldn't be expecting...
hazard, Mar 19th 2009 10:15PM
Actually I'm quite surprised that OSX could be owned so easily .. just goes to show no matter how well you design an OS you can never account for bad programming.
Todd, Mar 19th 2009 10:16AM
"IE8 gets people to the information they need, fast, and provides protection that no other browser can match." - Steve Ballmer March 18, 2009
http://news.prnewswire.com/ViewContent.aspx?ACCT=109&STORY=/www/story/03-19-2009/0004991142
Evenio, Mar 19th 2009 11:03AM
And I wonder how many months they were each sitting on their respective exploits so that they could win cash and gear instead of just gratitude? I'm not saying that Apple doesn't need to step up their game in security, because they clearly do, but contests like this don't necessarily encourage the betterment of computer platforms' security, but rather, they encourage people like the contestants to hold off on submitting their exploits, increasing the risk that someone less "altruistic" will find them as well. The flawed principle of these contests temper any claims that Safari or Firefox or even IE8 is "less secure" than the competition, in my opinion.
phray, Mar 19th 2009 11:31AM
Charlie actually said that he'd been sitting on his exploit for about a year. So you're totally right, that's a long time to NOT disclose your exploit. But at the very least, the rules state that all exploits must be fully disclosed. So this contest does actually encourage betterment of security... eventually.
It's better than the guy never disclosing the 'sploit, I suppose.
Counsel, Mar 19th 2009 11:40AM
I am not sure how the competition is any different than simply offering cash to the "general public" to disclose exploits. You might get more exploits shown...
Either way, I think that if calling a company and saying "I know of an exploit, and I am going to release it to the general public unless you pay me 5 quid" is a crime, then who, exactly, this type of "reward" does not encourage anyone to simply disclose (when they find it) an exploit.
Oh wait... We wouldn't want to encourage appropriate disclosure anyway... What was I thinking?