Discussion in 'other security issues & news' started by MrBrian, Jan 23, 2012.
Revamped Pwn2Own to Offer $105K in Prizes, Cash From Google for Chrome 0-Days
That time again already?
I was hoping for IE10 before this, didn't realize it was so close
Does IE10 have any notable security improvements?
If any (or all) of the talk and hand-wringing and predictions of dire consequences surrounding Google Chrome's extension vetting was warranted, would it not be likely that some of these extensions would be ripe targets for the contestants?
Does anyone predict that GC extensions will be successfully targeted at this Pwn2Own contest?
Have any GC extensions been owned at past conferences?
I guess not.
The first competition is a vanilla browser with no plugins/ extensions. The second competition brings plugins (and possibly extensions) in but I'm not sure.
Obviously you can expect security improvements, just like every version of IE to date.
You could argue that through the use of addons/extensions/etc every browser is "vulnerable" so I doubt that's a plausible attack vector for this competition.
I see nothing about security improvements from that wiki page. Maybe they'll slip something in.
Didn't you read "HTML5 Sandbox" on that link?
Anyways, I think more notable security improvements will appear in the first beta.
Somehow missed that. Eh.
You won't until the IE blog announces them to us, just like they did with the HTML5 sandbox support. I agree with guest that more light will be shed on it after beta if IE9 was anything to go by.
I'm with you on the 1st part (every browser vulnerable via extensions),
but you lost me on the 2nd (not a plausible attack vector for this competition).
Why not, elapsed?
I guess because they'd all lose. But if the goal is remote code execution I doubt it.
Pretty much what I was thinking.
Sorry for lagging behind on this, I'm trying to get up to speed.
But I don't get it.
Extensions are not going to be targeted in this competition because the would all lose?
Yeah, ignore that. I wasn't thinking lol
Separate names with a comma.