Browsers hacked -all of them- at Pwn2Own contest

Browsers hacked -not all of them- at Pwn2Own contest

http://www.theregister.co.uk/2009/03/19/pwn2own_day1/

 

All of them?
I can´t find anything about IE7 and Opera today...

 

Interesting.

I could see corporate sponsored hacking tournements to raise the money level making it more attractive to a larger group of exploiters. Maybe get the prize level around $50k or more.
They might even squeeze a few more exploits out by bracketing the tourney to 2 or 3 rounds.

 

Good one. Tried to Change title of thread.
Might just be a matter of time.
Opera: security by obscurity ??

 

Opera gets no respect. It's been my browser since V6 maybe earlier.

 

Actually when specifically targeted any browser can be broken. No surprize and no winner here IMO.

 

So there is no safest browser?

 

Relatively speaking, Yes. Otherwise No.

 

Some quotes from one of the winners in an interview:

 

Its mine as well,m be it Windows or Linux and since version 2x. It gets respect and loyalty from those who know what to expect in a suite, there is nothing like it out there.

 

So Chrome must be the winner IMO.

Hmmm.... I guess soon all major browser vendors might be going to implement a sanbxoing technique.

 

And by the time they do, someone, somewhere will have figured out how to break through them also. Security is a back and forth battle, we all know that here. Just because something is difficult to break now, doesn't mean 6 months from now it still will be. We just have to keep our eyes peeled.

 

Yes, but as they mentioned it might be harder even then.

 

Links is my primary browser. Don't tell me they got to that too.

 

You're telling me you're using a text browser as your primary browser??

BTW, the hype over pwning browsers ... lots of media attention, I'm sure and good money, but things are a bit less drastic than that.

Mrk

 

Maybe with decent protection it's a bit less drastic, I'll agree with you on that. But, I'm telling you, a lot less people have even simplistic protection such as Sandboxie than it may sometimes seem. There are still millions of grandmas, grandpas...hell, millions of users period that just use an AV and Windows firewall. No image backup, no virtualization, nada, and that's just here in the U.S, think about the world as a whole. Browsers may be fairly complicated to "pwn", but every day they do, and having a welcome mat like an unpatched IE and no anti-malware makes it that much easier to "pwn".

 

If you are talking about malware that attempts to sneak in while connected to the internet (drive-by exploits), I contend you need nothing more than a Router/Firewall and a properly patched/secured browser. Yes, even IE, as many will attest.

The fact that many do not have the above does not disprove the assertion.

Demonstrating compromising a browser in a contest is impressive, I suppose, but generates a big yawn for many people until a circulating exploit in the wild emerges.

----
rich

 

Practically speaking, that's probably how it is for most home users now, even taking into account the occasional zero-day browser or browser plugin vulnerability that allows remote code execution for a short window of time.

But consider again the words of Charlie Wilson quoted above, one of the researchers at the contest this year who was able to easily break through Safari on a Mac:

 

Firefox on Linux ??

 

Deluge of Browser Security Issues Drives Mass Migration

http://news.netcraft.com/archives/2...er_security_issues_drives_mass_migration.html