Internet Explorer and Safari first to fall at Pwn2Own 2011, Chrome and Firefox still standing
Pwn2Own, the annual three-day browser hackathon, has already claimed its first two victims: IE8 on Windows 7 64-bit, and Safari 5 on Mac OS X. Google Chrome looks set to survive for its third year in a row.
Internet Explorer 8 was thoroughly destroyed by independent researcher Stephen Fewer. "He used three vulnerabilities to bypass ASLR and DEP, but also escape Protected Mode. That's something we've not seen at Pwn2Own before," said Aaron Portnoy, the organizer of Pwn2Own.
Safari 5, running on a MacBook Air, was compromised in just five seconds by French security company Vupen. Both attackers netted $15,000 for successfully compromising a browser.
The contest continues today and tomorrow. Firefox 3.6 is yet to be attacked, and tomorrow will see the very first mobile browser deathmatch. Windows Phone 7, iOS, Android and RIM OS, all with their stock browsers, will be attacked by security researchers to find out just how secure mobile browsing is. Again, $15,000 is available for the first person or team to compromise each of the browsers.
Google, Apple and Mozilla, incidentally, all rolled out updates to their browsers just before Pwn2Own. It was not a coincidence.

Comments
Fez, Mar 10th 2011 10:33AM
"Google and Mozilla, incidentally, both rolled out updates to their browsers just before Pwn2Own. It was not a coincidence."
Also, Apple for Safari, fixing around 60 vulnerabilities.
I'm surprised that the hacker got past protected mode which means the pc was completely pwnt and under his control.
However it's a well known fact that security on Safari & OSX is a complete joke :p so I'm not surprised, still getting pwnt in 5 seconds is pretty funny :D.
Sebastian Anthony, Mar 10th 2011 10:40AM
@Fez Yea, just read that Safari was patched too; will update the post.
Sadsurfer, Mar 10th 2011 10:59AM
*brings out his Opera flag*
Did Opera get a mention/test at the event?
*puts Opera flag away*
Sebastian Anthony, Mar 10th 2011 11:03AM
@Sadsurfer Opera's so secure that they don't even bother... :P
SilverWave, Mar 10th 2011 7:21PM
@Sadsurfer
>Opera
What has music got to do with a browser competition?
Xander, Mar 10th 2011 11:08AM
I was under the impression that there was a feature lock 2 weeks ahead of time so all the recent patches were not on these browsers? Are they not still doing that? O.o
Fez, Mar 10th 2011 11:39AM
@Xander
There is a feature lock, but basically the would see if the vulnerability wasn't patched in the current releases before paying the prize money.
Fez, Mar 10th 2011 11:39AM
@Xander
they* would* see*
Sebastian Anthony, Mar 10th 2011 2:01PM
@Xander I think it was 2 HOURS before the event. But could be wrong.
Anthony S., Mar 10th 2011 1:55PM
I'm kind of anxious to see how IE9 would hold up. Man, and it's only four days until release... *sigh* Guess I'll have to wait until next year's Pwn2Own to see.
Sebastian Anthony, Mar 10th 2011 2:01PM
@Anthony S. Tell me about it! Next year will be FF4 and IE9 -- much more exciting :)
SilverWave, Mar 10th 2011 7:24PM
@Anthony S.
If he could get through ASLR and DEP then IE9 won't be any kind of problem.
Praveen Premchandran, Mar 14th 2011 3:52AM
@Sebastian Anthony
Ahem, next year isn't it more likely to be Firefox 7 or something?
*hint* http://downloadsquad.switched.com/2011/02/07/firefox-4-5-6-and-7-to-be-released-before-the-end-of-2011/ *hint*
MattLee, Mar 10th 2011 3:33PM
Seriously why would Opera be in it? It's by far the least used of the top 5 browsers. Hell while we're at it let's throw in Seamonkey. Seamonkey is closer to Opera in users than Opera is to Safari which is the 4th most used browser.
First off even with security patches IE would've still prolly fallen quicker than Firefox and Chrome. But the fact Microsoft knew about this contest and didn't do security fixes has to make you wonder how much they really care about security.
Yeah it's just a contest but it's a contest to show how secure your browser is, so what's that say when a company known for security issues doesn't even do security fixes for the contest? It's like admitting you don't care about how badly your browser is and that others care more about the users' safety than you do.
SilverWave, Mar 10th 2011 7:25PM
@MattLee
Opera is a browser? Who knew!?
KualaBee, Mar 10th 2011 4:23PM
I am pleasantly surprised at Firefox's showing. However, I wish they hacked flash too, b/c in reality Flash would be on 95 + percent of all desktop browsers. Your browser is only as secure as its weakest link, thus theoretically Chrome with its Flash sandbox is the only real secure browser?
Danny Boy, Mar 10th 2011 7:20PM
@Sebastian Anthony
It's misleading to say that Firefox is still standing, when it hasn't even been attacked yet.
@KualaBee
Read above. No surprise at Firefox's "showing".
motang, Mar 10th 2011 8:18PM
LOL! Apple and MS did patching in preparation for this too, that's the funny part.
Sebastian Anthony, Mar 14th 2011 6:23AM
@Praveen Premchandran Fair point :P
It will still LOOK like Firefox 4 though! The UI is unlikely to change -- like Chrome.