Pwn2Own contest winner: Macs are safer than Windows

    

Charlie Miller, the security expert who won both this and last year’s CanSecWest Pwn2Own security contests by exploiting Macs running Safari, repeated in an interview that he’d recommend Macs to typical users as a safer alternative to Windows PCs.

Following both Pwn2Own contests, numerous sensationalist headlines played up the idea that a Mac had been “cracked in seconds,” conspicuously neglecting to mention what Miller called “the many days doing research and writing the exploit before the day of the competition,” enabling him to discover the bugs and develop a way to successfully exploit them on the first try at the event. Continue reading

Advertisements

Microsoft 24 hours late with IE8 pwn protection

 

 

                    

 

Just one day after a little-known hacker dazzled his peers by exploiting the latest version of Internet Explorer 8 beta, Microsoft added an important protection to the browser that probably would have prevented the attack.

The measure, which was added to last Thursday’s final release of IE8, restores so-called ASLR, or address space layout randomization, and DEP, or data execution prevention, to the Microsoft browser. Microsoft has more about that here. Continue reading

Chrome beats the hackers in annual browser bash

The Pwn2Own competition, which is held every year to challenge hackers and security experts to find vulnerabilities in web browsers and mobile devices, has taken its usual share of victims with one surprise survivor during its first day.

Targeted browsers included Microsoft’s Internet Explorer 8, Mozilla’s Firefox, and Google’s Chrome, running on a Sony Vaio notebook running Windows 7 as well as Safari and Firefox on a Macbook running OS X.

Continue reading

Pwn2Own: IE8 hacked & Microsoft responds in less than 12hrs

                        

TippingPoint’s 3rd annual Pwn2Own contest has already shown significant security breaches on Apple’s Safari, Mozilla’s Firefox and Microsoft’s Internet Explorer 8, but Google’s Chrome was the only browser that made it through the first day of testing this year.

One of the contestants, Nils was able to exploit the latest Internet Explorer 8 which was released just few days back. The blogosphere and news websites picked it up and very soon it became a hot news around. When people were worried about IE8’s security, MSRC (Microsoft Security Response Center) had already reproduced and validated the IE8 vulnerability in less than 12 hours.

Microsoft is expected to release a security patch for this vulnerability very soon. It is infact surprising to see that IE team acted so fast even when they were busy at MIX09!

You can visit TippingPoint’s blog for more information.

Related Post Chrome last browser standing after day one of Pwn2Own

Chrome last browser standing after day one of Pwn2Own

       

Google’s Chrome browser is the last web browser standing after day 1 of Pwn2Own. Does this make you reassess your daily browser?

A recent contest at CanSecWest, an event that brings together some of the most skilled experts in the security community, has demonstrated that the three most popular browser are susceptible to security bugs despite the vigilance and engineering prowess of their creators. Firefox, Safari, and Internet Explorer were all exploited during the Pwn2Own competition that took place at the conference. Google’s Chrome browser, however, was the only one left standing—a victory that security researchers attribute to its innovative sandbox feature.

I have to admit that while Chrome isn’t my default browser, I’m  quite fond of it. Its ability to handle countless tabs and Windows being open (as long as you have enough RAM) is far superior to any of the other big browsers. It’s also very stable and I’ve never had a crash that’s managed to take out all the tabs or make the wheels fall off the OS. The fact that Chrome’s survived day 1 of Pwn2Own makes me think that Google could set the security benchmark in much the same way that it is currently the speed pace setter.

Sure, Chrome doesn’t have all the bells and whistles that other browser have (and no add on support like Firefox) but it’s a fast, robust, and i seems secure bit of code.

Chrome is a browser worth keeping an eye on.

by Adrian Kingsley-Hughes

Related Post