Pwn2Own 2012

Discussion in 'other security issues & news' started by MrBrian, Jan 23, 2012.

Thread Status:
Not open for further replies.
  1. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  2. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    That time again already?
     
  3. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    I was hoping for IE10 before this, didn't realize it was so close :(
     
  4. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Does IE10 have any notable security improvements?
     
  5. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,957
    Location:
    USA
    If any (or all) of the talk and hand-wringing and predictions of dire consequences surrounding Google Chrome's extension vetting was warranted, would it not be likely that some of these extensions would be ripe targets for the contestants?

    Does anyone predict that GC extensions will be successfully targeted at this Pwn2Own contest?

    Have any GC extensions been owned at past conferences?
     
  6. guest

    guest Guest

  7. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    I guess not.
     
  8. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    The first competition is a vanilla browser with no plugins/ extensions. The second competition brings plugins (and possibly extensions) in but I'm not sure.
     
  9. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    Obviously you can expect security improvements, just like every version of IE to date.

    You could argue that through the use of addons/extensions/etc every browser is "vulnerable" so I doubt that's a plausible attack vector for this competition.
     
  10. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    I see nothing about security improvements from that wiki page. Maybe they'll slip something in.
     
  11. guest

    guest Guest

    Didn't you read "HTML5 Sandbox" on that link?

    Anyways, I think more notable security improvements will appear in the first beta.
     
  12. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Somehow missed that. Eh.
     
  13. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    You won't until the IE blog announces them to us, just like they did with the HTML5 sandbox support. I agree with guest that more light will be shed on it after beta if IE9 was anything to go by.
     
  14. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,957
    Location:
    USA
    I'm with you on the 1st part (every browser vulnerable via extensions),
    but you lost me on the 2nd (not a plausible attack vector for this competition).
    Why not, elapsed?
     
  15. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    I guess because they'd all lose. But if the goal is remote code execution I doubt it.
     
  16. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    Pretty much what I was thinking.
     
  17. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,957
    Location:
    USA
    Sorry for lagging behind on this, I'm trying to get up to speed. :)
    But I don't get it.
    Extensions are not going to be targeted in this competition because the would all lose? o_O
     
  18. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Yeah, ignore that. I wasn't thinking lol
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.