gfxgfx
 
Please login or register.

Login with username, password and session length
 
gfx gfx
gfx
76774 Posts in 13500 Topics by 1651 Members - Latest Member: insider4ever March 29, 2024, 01:43:07 am
*
gfx*gfx
gfx
WinMX World :: Forum  |  Discussion  |  WinMx World News  |  Chrome only browser left standing after day one of Pwn2Own
gfx
gfxgfx
 

Author Topic: Chrome only browser left standing after day one of Pwn2Own  (Read 522 times)

0 Members and 1 Guest are viewing this topic.

Offline DaBees-Knees

  • WMW Team
  • *****
Chrome only browser left standing after day one of Pwn2Own
« on: March 22, 2009, 06:48:24 am »
http://arstechnica.com/security/news/2009/03/chrome-is-the-only-browser-left-standing-in-pwn2own-contest.ar

Quote
Browser vendors often make strong claims about their responsiveness to vulnerability reports and their ability to preemptively prevent exploits. Security is becoming one of the most significant fronts in the new round of browser wars, but it's also arguably one of the hardest aspects of software to measure or quantify. A recent contest at CanSecWest, an event that brings together some of the most skilled experts in the security community, has demonstrated that the three most popular browser are susceptible to security bugs despite the vigilance and engineering prowess of their creators. Firefox, Safari, and Internet Explorer were all exploited during the Pwn2Own competition that took place at the conference. Google's Chrome browser, however, was the only one left standing—a victory that security researchers attribute to its innovative sandbox feature. The contest awards security researchers with hardware and cash prizes for finding efficient ways to trick browsers into executing arbitrary code. During the first day of the competition, the contestants are required to do this in default browser installations without plugins such as Flash or Java, which are commonly used as vectors for attacks. Researchers typically prepare for the event far in advance by finding zero-day exploits ahead of time. Early this month, prior champion Charlie Miller told reporters that he would be attempting to exploit a Safari vulnerability on Mac OS X. Safari, he said, would be the first to succumb to the contestants. As he promised, Safari went down first: he was able to execute his prepared hack in only a matter of seconds. Another security expert known only as Nils took longer, but was able to successfully exploit all three of the most popular browsers. These contests contribute to the growing culture of commercialism that surrounds the art of exploitation. In an interview with ZDNet, Miller said that the vulnerability he used in the contest was one that he had originally found while preparing for the contest last year. Instead of disclosing it at that time, he decided to save it for the contest this year, because the contest only pays for one bug per year. This is part of his new philosophy, he says, which is that bugs shouldn't be disclosed to vendors for free. "I never give up free bugs. I have a new campaign. It's called NO MORE FREE BUGS. Vulnerabilities have a market value so it makes no sense to work hard to find a bug, write an exploit and then give it away," Miller told ZDNet. "Apple pays people to do the same job so we know there's value to this work." Miller also told reporters that he targeted Safari on Mac OS X because he believes that it is the easiest to exploit. Windows, on the other hand, he claims is tougher because of its address randomization feature and other security measures. As for Chrome, he says that he has identified a security bug in Google's browser but has been unable to exploit it because the browser's sandboxing feature and the operating system's security measures together pose a formidable challenge. The game isn't over yet. During the second day of the event, the focus will turn towards Chrome. Nils, who demonstrated impressive skill during the first day by conquering the three most popular browsers, might have a few more tricks up his sleeve. According to the official rules, the participants will be permitted to use plugins during the second day.

A suprising result? I suppose somebody must eventually get security right.  :gum:

Offline White Stripes

  • Core
  • *****
  • ***
  • Je suis aimé
Re: Chrome only browser left standing after day one of Pwn2Own
« Reply #1 on: March 22, 2009, 10:43:04 am »
top 3 browsers? .... that would be IE firefox and safari..... now they are going after chrome... but still no mention of the opera browser....

WinMX World :: Forum  |  Discussion  |  WinMx World News  |  Chrome only browser left standing after day one of Pwn2Own
 

gfxgfx
gfx
©2005-2024 WinMXWorld.com. All Rights Reserved.
SMF 2.0.19 | SMF © 2021, Simple Machines | Terms and Policies
Page created in 0.021 seconds with 23 queries.
Helios Multi © Bloc
gfx
Powered by MySQL Powered by PHP Valid XHTML 1.0! Valid CSS!