Browsers hacked -all of them- at Pwn2Own contest

Discussion in 'other security issues & news' started by Longboard, Mar 19, 2009.

Thread Status:
Not open for further replies.
  1. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    Browsers hacked -not all of them- at Pwn2Own contest

    http://www.theregister.co.uk/2009/03/19/pwn2own_day1/
     
    Last edited: Mar 19, 2009
  2. DevilFrank

    DevilFrank Registered Member

    Joined:
    Jul 20, 2003
    Posts:
    108
    All of them?
    I can´t find anything about IE7 and Opera today...
     
  3. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    Interesting.

    I could see corporate sponsored hacking tournements to raise the money level making it more attractive to a larger group of exploiters. Maybe get the prize level around $50k or more.
    They might even squeeze a few more exploits out by bracketing the tourney to 2 or 3 rounds.
     
  4. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    :D Good one. Tried to Change title of thread.
    Might just be a matter of time.
    Opera: security by obscurity ?? ;)
     
    Last edited: Mar 19, 2009
  5. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    3,526
    Location:
    USA - Back in a real State in time for a real Pres
    Opera gets no respect. It's been my browser since V6 maybe earlier.
     
  6. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Actually when specifically targeted any browser can be broken. No surprize and no winner here IMO.
     
  7. progress

    progress Guest

    So there is no safest browser? :blink:
     
  8. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Relatively speaking, Yes. Otherwise No.
     
  9. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Some quotes from one of the winners in an interview:

     
  10. Arup

    Arup Guest


    Its mine as well,m be it Windows or Linux and since version 2x. It gets respect and loyalty from those who know what to expect in a suite, there is nothing like it out there.
     
  11. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    So Chrome must be the winner IMO.

    Hmmm.... I guess soon all major browser vendors might be going to implement a sanbxoing technique.
     
  12. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    And by the time they do, someone, somewhere will have figured out how to break through them also. Security is a back and forth battle, we all know that here. Just because something is difficult to break now, doesn't mean 6 months from now it still will be. We just have to keep our eyes peeled.
     
  13. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Yes, but as they mentioned it might be harder even then.
     
  14. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    Links is my primary browser. Don't tell me they got to that too.
     
  15. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,702
    You're telling me you're using a text browser as your primary browser??

    BTW, the hype over pwning browsers ... lots of media attention, I'm sure and good money, but things are a bit less drastic than that.

    Mrk
     
  16. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Maybe with decent protection it's a bit less drastic, I'll agree with you on that. But, I'm telling you, a lot less people have even simplistic protection such as Sandboxie than it may sometimes seem. There are still millions of grandmas, grandpas...hell, millions of users period that just use an AV and Windows firewall. No image backup, no virtualization, nada, and that's just here in the U.S, think about the world as a whole. Browsers may be fairly complicated to "pwn", but every day they do, and having a welcome mat like an unpatched IE and no anti-malware makes it that much easier to "pwn".
     
  17. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    If you are talking about malware that attempts to sneak in while connected to the internet (drive-by exploits), I contend you need nothing more than a Router/Firewall and a properly patched/secured browser. Yes, even IE, as many will attest.

    The fact that many do not have the above does not disprove the assertion.

    Demonstrating compromising a browser in a contest is impressive, I suppose, but generates a big yawn for many people until a circulating exploit in the wild emerges.

    ----
    rich
     
  18. Dogbiscuit

    Dogbiscuit Guest

    Practically speaking, that's probably how it is for most home users now, even taking into account the occasional zero-day browser or browser plugin vulnerability that allows remote code execution for a short window of time.

    But consider again the words of Charlie Wilson quoted above, one of the researchers at the contest this year who was able to easily break through Safari on a Mac:
     
    Last edited by a moderator: Mar 22, 2009
  19. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    Firefox on Linux ??
     
  20. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Deluge of Browser Security Issues Drives Mass Migration
    http://news.netcraft.com/archives/2...er_security_issues_drives_mass_migration.html

    :D
     
Loading...
Thread Status:
Not open for further replies.