IE8, FF and Safari fall for Pwn2Own hack.

Discussion in 'privacy problems' started by Arup, Mar 18, 2009.

Thread Status:
Not open for further replies.
  1. Arup

    Arup Guest

  2. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    The bad guys are always going to get through no matter how long it takes or what methods they use. Microsoft has spent a year fortifying IE8, and hackers have spent a year poking at it. Gee, and on the day before official release too, lol, that has to suck.
     
    Last edited: Mar 19, 2009
  3. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    Nothing really new here. All programs (and especially complex ones) will always have bugs that can be exploited to compromise a system.
     
  4. Warlockz

    Warlockz Registered Member

    Joined:
    Oct 30, 2008
    Posts:
    642
  5. spm

    spm Registered Member

    Joined:
    Dec 9, 2002
    Posts:
    437
    Location:
    U.K.
    It wasn't only IE8 and Safari: Firefox was easily beaten too.
     
  6. Arup

    Arup Guest


    Yep, that's why the title says IE8, FF and Safari.
     
  7. spm

    spm Registered Member

    Joined:
    Dec 9, 2002
    Posts:
    437
    Location:
    U.K.
    Oops, you're right. Sorry.
     
  8. guest

    guest Guest

    I wonder how it was really done and how we can protect ourselves from this... Is using something like NoScript enough? ...
     
  9. strangequark

    strangequark Registered Member

    Joined:
    Jun 22, 2005
    Posts:
    296
    Location:
    OZ
  10. CaixFang

    CaixFang Registered Member

    Joined:
    Mar 24, 2009
    Posts:
    72
    That is freaking LAUGHABLE. NO ONE OWES the general public jack. I'm not for exploiting holes for "blackhat" uses, but it is no one's responsibility to plug these holes and disclose exploits other than the creators - open source or not.
     
  11. badjoey

    badjoey Registered Member

    Joined:
    Dec 9, 2008
    Posts:
    50
    Google Chrome is your best bet at the moment. It was the only browser not to get hacked, and the guy who hacked Safari and Firefox said that he knows of exploits in Google but as far as he could tell there is no way to exploit them, because the Google Chrome browser sandboxes itself when you start browsing, so anything you do to try and hack it will not get outside of the virtual sandbox the browser works in.
    So check it out for yourselves, but this was right from the hacker's mouth.
     
  12. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    When I had read the article from the guys from Stanford in which they extrapolated that Chrome, due to its internal sandbox, should be around 70% less vulnerable to exploits than other browsers, I switched to Chrome for daily browsing.

    We now use IE8 only for on-line banking and shopping (due to a stupid restriction of only facilitating IE by one of my wife's favourite on-line music shops) and Chrome for daily browsing. It is good to see that this Stanford study assumption has been checked with real life tests.

    On IE we have added a website rating program and use the new IE SmartScreen filter check before buying, to minimise buying from malware sites.

    Using a policy sandbox (GeSWall Pro on the older desktop and DefenseWall on the faster laptop at home) on top of that, I reduced my layered defense to a non-paranoid cover once set up (so no second safety nets with other HIPS etc. to back up the policy management).

    In real life it did not change a thing (we were not exploited in the past and are with these setups also not exploited until now); the only difference is a much more responsive system. With security, a step from ignorance to awareness seems to make a difference, but the step from awareness to hobby or even paranoia seems to add not very much. I am wondering how many Wilders members have gone through this cycle. From hype - hope - help - horror to the (h)old fashioned firewall + AV + policy management (either with programs like GW/DW or implemented through facilities of the operating system).

    Thanks for the post by the way, nice read Arup.
     
    Last edited: Apr 4, 2009
  13. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    I've gone through the stage you described, minus the horror phase. My mindset was until now, as follows:

    1. IE is BAD, don't go near it, widespread destruction will surely follow.

    2. There's "nuclear" malware out there that will get through anything you can throw at it. Get a HIPS/behavior blocker right now and stack every security app that doesn't overlap, and then say a prayer.

    3. Hackers are everywhere and they want YOU. Beware!

    4. Everything you do, say, see, and hear is tracked online. "They" know where you are and what you're doing.




    My new mindset:

    1. No it isn't, and no it won't. I use IE8 and *gasp!*...I like it. Nothing's blown up yet.

    2. No there isn't, shut up and enjoy the internet.

    3. They are, but unless you've got something they want, no they don't.

    4. Actually it's not, and no they don't. They have trouble finding laptops an employee left in the break room and say it's stolen. Cookies can track some things, sure, but cookies can be dealt with REAL quick and easy.


    I like my new mindset, but that doesn't mean I'm not cautious. I stay on top of patches, my Avast is up and running just fine, I scan everything I download before I even think of opening them, and I'm sitting behind Sandboxie. That's all that's ever going to happen unless some huge new thing comes along. I'm not turning my computer into a 486 on dialup because I want to be "untouchable" as far as security, and I'm going to surf where I want, and download what I want, and get my 40 bucks a month worth of internet access.
     
  14. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    Connect to my LAN, and you will soon find out that it's very true :D Lots of script kiddies around, with too much time on their hands.

    You ARE tracked online, and sometimes it's good to be aware of it, it gives you an interesting perspective on things. Don't become too paranoid about it, but stay alert.
     
  15. BJStone

    BJStone Registered Member

    Joined:
    Oct 31, 2005
    Posts:
    139
    FYI: FF was patched within 8 days.
     
  16. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    I don't worry about script kiddies, hell, if they want to scan my ports all day they can have at it. The data thieves are my concern, and I have no data stored on my system they'd even want. I know I'm tracked in some ways online, but again, it's mostly cookies, which are easily dealt with. I've spent too much time under my tin foil hat, time to hang it up.
     
  17. Dogbiscuit

    Dogbiscuit Guest

    This may be especially true for XP.
     
  18. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,293
    dw426,

    You pretty much summed up my feeling of surfing online as well :thumb:

    So much so, I had to quote you :D
     
  19. Arup

    Arup Guest

    I generally use Linux and sometimes use Windows, on both my sensitive data is fully encrypted, I wouldn't be without it.

    dw426's quote of turning your PC into a 486 is quite relevant in this sense. Too many security apps can make even a quad core into a 486 and also cause myriads of issues and clash with each other. Worst of all, browsing speed can be impacted as well.
     