Pwn2Own 2011

I'm not so sure about that. Last year nobody tried to crack Chrome and there were plenty of pundits saying Chrome is such a Fort Knox that nobody even bothered to give it a whirl. So they get praised as having the most secure browser without even being put to the test by anyone. If they got caught it would be embarassing but not the end of the world. Businesses and politicians have gotten nailed for much worse things and survived.

 

About Chrome, from what I read there were two times that were gonna try to hack it, one didn't show up at all, but the other one skipped Chrome and focused on BlackBerry's OS. So it does sound like last minute give-up to me.

And these conspiracy theories are really ridiculous anyway.

 

Most businesses don't have a constant spotlight on anything and everything they do like Google (and MS in the past) does either. Regarding the "Fort Knox" comment, I'm in agreement with you and that was why I mentioned in an earlier post that it could lead to a false sense of security.

Edit: I won't pass judgement on the guy that skipped it to work on Blackberry. Mobiles are squarely in the crosshairs now of malware writers, so they need a good whacking at, to see how they stand.

 

It wasn't meant to be all that serious. I apologize for not putting in the sarcasm tags.

 

Browser exploits and Pwn2Own results are subject to the laws of supply and demand as much as anything else.

Charlie Miller said in an interview last year that if they offered $1,000,000 for each Chrome vulnerability, there would be a line at least a block long with people looking to bankrupt the contest. Since Chrome seems more difficult to exploit, people won't invest the extra time and resources unless they feel the return is worth it.

 

Actually it was tested in 2008, and remained unhacked.

 

iPhone, BlackBerry Fall on Second Day of Pwn2Own

 

From the above link:

 

Maybe all teams should post a $ 20,000 bond which they forfeit if they withdraw.

 

Umm, that's because no one could exploit it. That's why they didn't show up. These attacks are planned months in advance, it isn't like they just show up empty-handed hoping to find some way in on the spot.

Charlie Miller himself has said that he has exploits for Chrome but he has not found a way to make them work because the sandbox is too difficult to escape.

 

We don't know why nobody showed up this year, so let's not have the assumption train speed down the tracks yet. I personally would rather someone come out and say "Look, we had something lined up, but we just couldn't get it done", than keep quiet. Whether "getting it done" means the exploit won't work, they ran into trouble, or just plain couldn't make it, some explanation would be nice. Otherwise we end up with your kind of comments (not insulting you, just saying lots will hurry right on out and proclaim Chrome is unbeatable). Why the Firefox guys left would be interesting to hear as well.

 

Ubuntu or opera?

Thanks

 

It was an Ubuntu 7.10 laptop.

 

Thanks.

 

Probably because they couldn't find an exploit that worked. It certainly was not because of a lack of interest -- Firefox is the most popular browser there is.

Did anyone crack FF this year?

 

The contest has a new week-old rule, at least accord to ars technica.

 

From http://www.eweek.com/c/a/Security/Microsoft-Says-Internet-Explorer-9-Doesnt-Have-Pwn2Own-Bug-598111/:

 

That's a link for IE9, not Firefox.

 

Scroll down to the 2nd last paragraph.

 

Oh, I see.

 

Surprised that Firefox remained unchallenged. That makes it quite secure I suppose.

 

Windows Phone 7 also remained unchallenged, does that make it secure?

 

Source

 

I would say it's not a coincidence.