Pwn2Own 2012

Discussion in 'other security issues & news' started by MrBrian, Jan 23, 2012.

Thread Status:
Not open for further replies.
  1. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  2. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    That time again already?
     
  3. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,855
    I was hoping for IE10 before this, didn't realize it was so close :(
     
  4. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Does IE10 have any notable security improvements?
     
  5. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,829
    Location:
    Last Breath Farm
    If any (or all) of the talk and hand-wringing and predictions of dire consequences surrounding Google Chrome's extension vetting was warranted, would it not be likely that some of these extensions would be ripe targets for the contestants?

    Does anyone predict that GC extensions will be successfully targeted at this Pwn2Own contest?

    Have any GC extensions been owned at past conferences?
     
  6. guest

    guest Guest

  7. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    I guess not.
     
  8. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    The first competition is a vanilla browser with no plugins/ extensions. The second competition brings plugins (and possibly extensions) in but I'm not sure.
     
  9. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,855
    Obviously you can expect security improvements, just like every version of IE to date.

    You could argue that through the use of addons/extensions/etc every browser is "vulnerable" so I doubt that's a plausible attack vector for this competition.
     
  10. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    I see nothing about security improvements from that wiki page. Maybe they'll slip something in.
     
  11. guest

    guest Guest

    Didn't you read "HTML5 Sandbox" on that link?

    Anyways, I think more notable security improvements will appear in the first beta.
     
  12. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Somehow missed that. Eh.
     
  13. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,855
    You won't until the IE blog announces them to us, just like they did with the HTML5 sandbox support. I agree with guest that more light will be shed on it after beta if IE9 was anything to go by.
     
  14. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,829
    Location:
    Last Breath Farm
    I'm with you on the 1st part (every browser vulnerable via extensions),
    but you lost me on the 2nd (not a plausible attack vector for this competition).
    Why not, funkydude?
     
  15. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    I guess because they'd all lose. But if the goal is remote code execution I doubt it.
     
  16. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,855
    Pretty much what I was thinking.
     
  17. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,829
    Location:
    Last Breath Farm
    Sorry for lagging behind on this, I'm trying to get up to speed. :)
    But I don't get it.
    Extensions are not going to be targeted in this competition because the would all lose? o_O
     
  18. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Yeah, ignore that. I wasn't thinking lol
     
Loading...
Thread Status:
Not open for further replies.