Microsoft 24 hours late with IE8 pwn protection

 

 

                    

 

Just one day after a little-known hacker dazzled his peers by exploiting the latest version of Internet Explorer 8 beta, Microsoft added an important protection to the browser that probably would have prevented the attack.

The measure, which was added to last Thursday’s final release of IE8, restores so-called ASLR, or address space layout randomization, and DEP, or data execution prevention, to the Microsoft browser. Microsoft has more about that here. Continue reading →

IE8 gains market share at Microsoft’s own expense

                  

New browser cuts into IE7’s market share, while Firefox, Safari and Chrome boost theirs

 

Gains made by Internet Explorer 8 (IE8) since its launch last Thursday have come at the expense of the older IE7, according to data from Irish metrics firm StatCounter.

And while IE7’s market share has fallen by 2.6 percentage points since last Wednesday, the day before Microsoft Corp. released IE8, most rival browsers showed significant gains, giving credence to the idea that Microsoft’s newest venture has not pushed users of its competitors to switch. Continue reading →

Chrome beats the hackers in annual browser bash

The Pwn2Own competition, which is held every year to challenge hackers and security experts to find vulnerabilities in web browsers and mobile devices, has taken its usual share of victims with one surprise survivor during its first day.

Targeted browsers included Microsoft’s Internet Explorer 8, Mozilla’s Firefox, and Google’s Chrome, running on a Sony Vaio notebook running Windows 7 as well as Safari and Firefox on a Macbook running OS X.

Continue reading →

Pwn2Own: IE8 hacked & Microsoft responds in less than 12hrs

                        

TippingPoint’s 3rd annual Pwn2Own contest has already shown significant security breaches on Apple’s Safari, Mozilla’s Firefox and Microsoft’s Internet Explorer 8, but Google’s Chrome was the only browser that made it through the first day of testing this year.

One of the contestants, Nils was able to exploit the latest Internet Explorer 8 which was released just few days back. The blogosphere and news websites picked it up and very soon it became a hot news around. When people were worried about IE8’s security, MSRC (Microsoft Security Response Center) had already reproduced and validated the IE8 vulnerability in less than 12 hours.

Microsoft is expected to release a security patch for this vulnerability very soon. It is infact surprising to see that IE team acted so fast even when they were busy at MIX09!

You can visit TippingPoint’s blog for more information.

Related Post Chrome last browser standing after day one of Pwn2Own

IE8 launch bumps browser’s market share by 30%

                      

Microsoft’s Internet Explorer 8 (IE8) received a small bump in market share Thursday as the company launched the final version mid-day, according to Web measurement company Net Applications.

IE8’s market share averaged 1.63% for the day Thursday from noon Eastern time onwards — when Microsoft posted the new browser for download — a 21% increase over March’s daily average of 1.35% through Wednesday. Net Applications has posted hourly market share numbers for IE8 on its Web site.

The browser’s share climbed again Friday, to an hourly average of 1.75% through 11:00 a.m. ET, bringing IE8’s total increase to 30% over the month’s daily average.

Even with that kind of increase, Vince Vizzaccaro, Net Applications’ executive vice president of marketing, was critical of Microsoft’s low-key launch. “I was a little surprised that there wasn’t any advanced warning,” said Vizzaccaro, “and no marketing push from Microsoft about IE8. At the minimum there should have been something for IE users that popped up and said ‘there’s an upgraded browser available … download it.'”

IE8’s market share climbed above the 1% mark for the first time last month, when it accounted for 1.2% of all browsers used. That boost had been fueled by the last January launch of the browser’s release candidate.

By comparison, Google’s Chrome, which debuted last September, had a 1.15% market share during February, while Mozilla’s Firefox — IE’s biggest rival — owned 21.77% of the business.

“Chrome got off to a fast start,” said Vizzaccaro, “but it really hasn’t moved much since then. And they had a low-key approach when they launched it, too. On the other hand, Mozilla made lots of noise about Firefox 3.0, with a special download day, and they got millions to download it.

“Microsoft is doing the same thing that they’ve done with browsers in the past, but that didn’t work for Chrome,” Vizzaccaro said. “If I were Microsoft, I would do something more on the Mozilla model. I’d be a lot more optimistic [about IE8’s chances] if there was a large public announcement that it was available.”

Microsoft debuted the final edition of IE8 for Windows XP, Vista, Server 2003 and Server 2008 Thursday, upgrading the browser for first time in two-and-a-half years.

Overall, Internet Explorer controls 67.5% of the browser market, according to Net Applications’ numbers, which are collected from the systems that surf to some 40,000 sites that the company tracks for clients. Almost three out of every four IE users run 2006’s IE7, while nearly all of the remainder run the even older IE6.

Currently, IE8 is available only as a manual download from Microsoft’s main download center and the IE8 page. The company will begin automatically installing the new browser on machines now running IE6 or IE7 at some unspecified future date, at which point its market share will undoubtedly climb.

By Gregg Keizer

Related Post Microsoft IE8 Now Available

Microsoft IE8 Now Available

                       

Microsoft on Thursday released Internet Explorer 8, a new version of its ubiquitous Web browser, adding features which the US software giant claims makes it safer and loads pages faster.

Internet Explorer 8 was available for downloading in 25 languages starting on Thursday at http://www.microsoft.com/ie8, the Redmond, Washington-based computer software giant announced in a statement.

Microsoft said IE 8 was faster than previous IE browsers and included “leading-edge security features in direct response to people?s increasing concerns about online safety.”

“Customers have made clear what they want in a Web browser — safety, speed and greater ease of use,” Microsoft chief executive Steve Ballmer said.

“With Internet Explorer 8, we are delivering a browser that gets people to the information they need, fast, and provides protection that no other browser can match,” he said in a statement.

Microsoft said page load times had been speeded up in IE8 and the new version of the browser blocks “two to four times as many malicious sites as other browsers on the market today.”

Internet Explorer is the world’s leading Web browser.

According to the Internet research firm Net Applications, IE had a total browser market share of 67.5 percent in January.

Mozilla’s Firefox was next with 21.53 percent, followed by Apple’s Safari with 8.29 percent and Google Chrome with 1.12 percent.

Microsoft’s dominance of the browser market through IE and operating systems through Windows has drawn the attention of anti-trust authorities in the United States and Europe.

Earlier this month, Microsoft said a control panel in its next-generation of Windows will let users shut off IE8 and other built-in programs.

The announcement came less than two months after the European Commission accused Microsoft of unfairly tying IE to Windows.

Opera Software filed a complaint with the commission in 2007 accusing Microsoft of denying Windows users “a real choice of browser.”

Mozilla and Google also objected to the bundling of IE with Windows, with Google calling the IE-dominated browser market “largely uncompetitive.”

Source: AFP Global Edition

Download Now

English Version

Windows XP
Windows XP 64 Bit
Windows Vista
Windows Vista 64 Bit
Windows Server 2003
Windows Server 2003 64 Bit
Windows Server 2008
Windows Server 2008 64 Bit

中文版

 Windows XP x86
 Windows Vista x86
 Windows Server 2003 x86
 Windows Server 2008 x86
 XP x64
 Windows Vista 64-bit
 Windows Server 2003 64-bit
 Windows Server 2008 64-bit

Researcher cracks Mac in 10 seconds at PWN2OWN, wins $5K

Charlie Miller defends his title; IE8 also falls on Day 1 of hacking contest

March 18, 2009 (Computerworld) Charlie Miller, the security researcher who hacked a Mac in two minutes last year at CanSecWest’s PWN2OWN contest, improved his time today by breaking into another Mac in under 10 seconds.

Miller, a principal analyst at Independent Security Evaluators LLC, walked off with a $5,000 cash prize and the MacBook he hacked.

“I can’t talk about the details of the vulnerability, but it was a Mac, fully patched, with Safari, fully patched,” said Miller Wednesday not long after he had won the prize. “It probably took 5 or 10 seconds.” He confirmed that he had researched and written the exploit before he arrived at the challenge.

The PWN2OWN rules stated that the researcher could provide a URL that hosted his or her exploit, replicating the common hacker tactic of enticing users to malicious sites where they are infected with malware. “I gave them the link, they clicked on it, and that was it,” said Miller. “I did a few things to show that I had full control of the Mac.”

Two weeks ago, Miller predicted that Safari running on the Mac would be the first to fall.

PWN2OWN’s sponsor, 3Com Inc.’s TippingPoint unit, paid Miller the $5,000 for the rights to the vulnerability he exploited and the exploit code he used. As it has at past challenges, it reported the vulnerability to on-site Apple representatives. “Apple has it, and they’re working on it,” added Miller.

According to Terri Forslof, the manager of security response at TippingPoint, another researcher later broke into a Sony laptop that was running Windows 7 by exploiting a vulnerability in Internet Explorer 8. “Safari and IE both went down,” she said in an e-mail.

TippingPoint’s Twitter feed added a bit more detail to Forslof’s quick message: “nils just won the sony viao with a brilliant IE8 bug!”

Forslof was not immediately available to answer questions about the IE8 exploit.

TippingPoint will continue the PWN2OWN contest through Friday, and will pay $5,000 for each additional bug successfully exploited in Apple Inc.’s Safari, Microsoft Corp.’s Internet Explorer 8, Mozilla Corp.’s Firefox or Google Inc.’s Chrome. During the contest, IE8, Firefox and Chrome will be available on the Sony, while Safari and Firefox will be running on the MacBook. The researcher who exploited IE8 will, like Miller, be awarded not only the cash, but also the laptop.

“It was great,” said Miller when asked how it felt to successfully defend his title. “But I was really nervous for some reason this time. Maybe it was because there were more people around. Lucky [the exploit] was idiot-proof, because if I had had to think about it, I don’t know if I’d had anything.”

This year’s PWN2OWN also features a mobile operating system contest that will award a $10,000 cash prize for every vulnerability successfully exploited in five smartphone operating systems: Windows Mobile, Google’s Android, Symbian, and the operating systems used by the iPhone and BlackBerry.

Miller said he won’t enter the mobile contest. “I can’t break them,” said Miller, who was one of the first researchers to demonstrate an attack on the iPhone in 2007, and last year was the first to reveal a flaw in Android. “I don’t have anything for the iPhone, and I don’t know enough about Google.”

Opera CEO称IE 8浏览器继续破坏网络标准

Opera Software首席执行官Jon von Tetzchner本周公开表示，微软的IE8浏览器还将继续破坏网络标准。这使得Opera必须继续浪费时间和金钱更新网站用于IE 6和IE 7。这也意味着，微软继续对网络施加不正当的影响和破坏。
多年来，微软已经以自己的IE浏览器引擎建立了自己的网络标准。这就迫使网站设计者要建立一个同时兼容于IE浏览器和其他的浏览器。这就扭曲了市场。

值得注意的是，尽管微软在IE 8已采纳了万维网联合会的HTML 5和CSS 2.1，但它没有采用已使用于Mozilla，谷歌，和Opera的SVG。

Jon von Tetzchner暗示，IE8真的到来的时候，不管它提供支持什么样的标准，其投诉缺乏对网络标准的支持会促使欧盟调查微软。这种情况现在已经引起了谷歌和Mozilla的支持。