The Wayne ([personal profile] thewayne) wrote 2013-03-14 03:28 pm

Pwn2Own: ALL browsers were defeated

There's an annual contest held as part of a Canadian computer security conference called CanSecWest. The organizers publish a list of browsers and operating systems, and people try to create exploits that will let them bypass the browser's security and get malware onto the host system. The browsers are the latest versions and the operating systems are fully patched, so they are as secure as you and I can easily make our personal systems.

Every browser failed. Internet Explorer 9 and 10 on Windows 7 and 8, Safari on OS X, Chrome, Adobe Reader and Flash, Oracle Java, etc.

If you successfully break one, you get the computer and a cash reward, which is a cool prize.

You also have to disclose the exact process that you used to break the browser to the software companies, so you'll always see a flood of patches a couple of weeks after the conference ends.


While this does demonstrate vulnerabilities in your system, these are carefully controlled zero-day hacks that may not be in general circulation. And they will be patched. The problem is that whenever a hole is patched, another hole will be found. Guaranteed. It's a never-ending game of whack-a-mole.


http://www.h-online.com/security/news/item/All-major-browsers-and-Java-fall-at-Pwn2Own-1818268.html

http://www.scmagazine.com.au/News/335750,chrome-firefox-ie-10-java-win-8-fall-at-pwn2own-hackfest.aspx

http://dvlabs.tippingpoint.com/blog/2013/01/17/pwn2own-2013

[personal profile] silveradept 2013-03-15 06:27 am (UTC)
As technology advances, the technology to fool it advances as well. I suppose we should be happy that these ones will result in swift patches, instead of the ones that have to be found in the wild.