|
IE8, Firefox and Safari all taken down on day one of Pwn2Own
|
|
The following comments relate to this news article:
article published on 25 March, 2010
At this week's Pwn2Own hacking contest, the iPhone, Safari, Internet Explorer 8 and Firefox browsers were all taken down within minutes.
Vincenzo Iozzo and Ralf-Philipp Weinmann took down the iPhone browser in under five minutes, and left with $15,000 in prize money. Weinmann is most notorious for being part of a team that cracked WEP Wi-Fi security in 2007, faster than was previously recorded.
... [ read the full article ]
Please read the original article before posting your comments.
|
Member
|
25. March 2010 @ 16:52 |
Link to this message
|
Go Chrome!!!
fanboyish i know but i simply love how fast this thing is ^^
|
|
Advertisement
|
 |
|
|
|
Run4two
Junior Member
|
25. March 2010 @ 22:12 |
Link to this message
|
|
How much is the knowledge of a good exploit worth to these major companies? It seems the monetary awards aren't close to the value. Are these truly the best exploits out there? One would think the prize should be something outside the box, a 2 yr. minimum contract working in the security and piracy division of these companies at a decent salary.
|
|
Racem22
Newbie
|
26. March 2010 @ 02:21 |
Link to this message
|
Originally posted by Run4two:
How much is the knowledge of a good exploit worth to these major companies? It seems the monetary awards aren't close to the value. Are these truly the best exploits out there? One would think the prize should be something outside the box, a 2 yr. minimum contract working in the security and piracy division of these companies at a decent salary.
Well I would say if these guys are cracking IE, firefox, and the iphone they most likely got good enough jobs already but who knows.
|
|
NeoandGeo
Member
|
26. March 2010 @ 06:32 |
Link to this message
|
Originally posted by Josipher:
Go Chrome!!!
fanboyish i know but i simply love how fast this thing is ^^
They are all the same speed on the machines I use. The only difference is add-ons and site compatibility.
|
|
wealldoit
Newbie
|
26. March 2010 @ 11:25 |
Link to this message
|
So we can assume the fastest and finest Windows browser ever -OPERA- wasn't even in the contest. Why not? Couldn't TippingPoint and Pwn2Own even scratch Opera's paintwork? Or was this 'contest' a glorified commercial for Google Chrome?
|
Member
|
26. March 2010 @ 16:04 |
Link to this message
|
Originally posted by wealldoit:
So we can assume the fastest and finest Windows browser ever -OPERA- wasn't even in the contest. Why not? Couldn't TippingPoint and Pwn2Own even scratch Opera's paintwork? Or was this 'contest' a glorified commercial for Google Chrome?
Well seen as Opera only has a 2% market share they probably didn't think it was worth it.
Good news for Chrome though. I've been using it since the early days and the way it's developed and grown is impressive and a half.
|
Junior Member
3 product reviews
|
26. March 2010 @ 17:30 |
Link to this message
|
The reason why Chrome is taking longer is that it is a new browser. The hackers have far more experience dealing with the other browsers whose architecture has changed very little over the years.
|
AfterDawn Addict
|
26. March 2010 @ 22:27 |
Link to this message
|
please tell me safari was on a macos
|
Senior Member
5 product reviews
|
26. March 2010 @ 22:57 |
Link to this message
|
Yikes!! I use Opera alot though, and don't see too much of a problem, with just a few exception to Flash though.
|
|
KSib
Member
|
26. March 2010 @ 23:08 |
Link to this message
|
Hm, cross-reference this article with this one before you get too carried away about Chrome: http://www.neowin.net/news/safari-firefo...e-left-untested
TL;DR: No one attempted to hack it (Chrome), basically.
Seeing as how there was a time limit they went for browsers they knew they could hack in a reasonable amount of time. Don't get me wrong, Chrome is freaking sweet, but I felt like you guys needed more information.
|
AfterDawn Addict
1 product review
|
27. March 2010 @ 00:50 |
Link to this message
|
I'm sure Chrome is crackable...it runs on windows!
I wonder who will buy the exploit rights for taking down FireFox on Win7...
|
Member
|
27. March 2010 @ 14:45 |
Link to this message
|
From the Neowin article
Quote:
There are bugs in Chrome but they?re very hard to exploit. I have a Chrome vulnerability right now but I don?t know how to exploit it. It?s really hard. They?ve got that sandbox model that?s hard to get out of. With Chrome, it?s a combination of things ? you can?t execute on the heap, the OS protections in Windows and the Sandbox.
|
|
wealldoit
Newbie
|
29. March 2010 @ 12:23 |
Link to this message
|
Originally posted by ville30:
The reason why Chrome is taking longer is that it is a new browser. The hackers have far more experience dealing with the other browsers whose architecture has changed very little over the years.
That's right. But isn't Opera older than Firefox, Safari and most other browsers, let alone Chrome?
I can only think of IE (1995) and the late great Netscape Navigator (1994) as being slightly older. I'm a little disappointed why it (Opera which first came out in 1996) wasn't involved in this contest..Ah well, no matter...
This message has been edited since posting. Last time this message was edited on 29. March 2010 @ 12:34
|
Member
|
2. April 2010 @ 01:21 |
Link to this message
|
|
This simply solidifies a well known FACT in all security circles...ALL software is beatable. period.<-(another period)
I worked in the security industry for a long time, and despite what Nix, Mac or any fanboi will scream for all to hear, they're all exploitable. No code is "secure". It's only secure until it's released to the public and then the holes will begin to appear.
I always get a laugh at those who yell "MS needs to write secure code!"..LOL! What...those other OS developers have some "magic" code that nobody else knows of or sumthin?? Or have some secret compiler that instantly recognizes a previously unknown exploit before it's released? Get a clue before making idiotic statements like that (which I'm positive are about to come soon).
|
Junior Member
|
2. April 2010 @ 02:15 |
Link to this message
|
|
You determine the source code with the most defects then rewrite the code.
Our software group implemented hundreds of bug fixes and new features but reduced the lines of code in the process. We used static analysis of our source code to find software defects yet to be discovered. We removed source code to support features never released to custommer because project was cancelled while still in engineering. We removed thousands of patches that were never needed because a software engineer did not understand how the microprocessor worked.
|
Member
|
4. April 2010 @ 16:42 |
Link to this message
|
Originally posted by john_swan:
You determine the source code with the most defects then rewrite the code.
Our software group implemented hundreds of bug fixes and new features but reduced the lines of code in the process. We used static analysis of our source code to find software defects yet to be discovered. We removed source code to support features never released to custommer because project was cancelled while still in engineering. We removed thousands of patches that were never needed because a software engineer did not understand how the microprocessor worked.
And that is exactly what every programmer (group) does, including those at MS. It's still an impossibility to release completely secure code, and you know that to be true if you work(ed) for a s'ware group. Sure there are ways to test the code and eliminate extraneous or wobbly code, but you can never close holes that are yet to be discovered. As long as code is written, it can, and Will be broken.
Also the more complex the code, the more opportunity for exploits to be found, and Win-dOhs is about as complex as it gets. I'm a coder too, and I just can't wrap my brain around just how much work goes into that OS..wow.
No...I just find it funny how much it shows a lack of understanding when people make those types of statements they do against MS for any new exploits that are found. I'm no MS cheerleader about their business model at times, but I (and I know you do too John ;) ) also realize just what the reality of building something so vastly complex as W7 is, and how much they've done to advance computing in general.
Happy Easter!
This message has been edited since posting. Last time this message was edited on 4. April 2010 @ 16:43
|
|
Advertisement
|
|
|
Junior Member
|
4. April 2010 @ 17:57 |
Link to this message
|
|
Will someone at MS please tell us why our computers become non-responsive for several minutes at random intervals. Someday can you imagine that your brakes go offline for several minutes while the computer reboots following a software update.
|
