Hackers at last week's Pwn2Own contest had a field day with some of the world's most popular browsers, but they did not make a clean sweep.
Pwn2Own pits security experts against Web browsers on laptops and smartphones. At stake are cash prizes of $15,000 per exploit, along with the actual hardware on which the browsers were hacked. In all cases, the exploits required only that the user visit a malicious Web site. After that, the attacker is free to run programs, write new files remotely, or gain access to sensitive data such as the address book on smartphones.
Here is a round-up of the winners and losers:
Apple had a poor showing at Pwn2Own, with both the mobile and desktop versions of Safari hacked, Ars Technica reports. French security firm VUPEN took down desktop Safari with a combination of well-known techniques for getting past operating system protections and new code to make these techniques work on 64-bit systems. The iPhone fell to Charlie Miller and Dion Blazakis, who compromised the smartphone via a special Web page. Apple has since protected against the specific exploit used by Miller and Blazakis, but the underlying security flaw still exists.
Microsoft's Internet Explorer 8 also fell to hackers. Stephen Fewer of Harmony Security used three vulnerabilities to execute code on 64-bit Windows 7 Service Pack 1. Fewer said the attack took five to six weeks to put together.
The other mobile platform to fall was Research In Motion's BlackBerry. Vincenzo Iozzo, Willem Pinckaers and Ralf Philipp Weinmann used a bug in BlackBerry's WebKit browser, but it was not easy; little documentation is available on the BlackBerry system internals, and they had to chain three bugs together to run their exploit code, according to Ars.
But it was not all bad news. Google Chrome survived the competition--its third successful Pwn2Own in a row--and Mozilla's Firefox escaped the attacks for the first time since it became part of the competition in 2009, according to Computerworld. However, the released version of Chrome uses the same WebKit engine that was used for the BlackBerry hack, although Google already has a patch that solves the problem. (This means Google's $20,000 bug bounty went unclaimed.) Microsoft's Windows Phone 7 and Google's Android phones also emerged unhurt.
If all this talk about system-compromising hacks and malicious sites makes you nervous, worry not; contest rules provide that hackers cannot release their findings until they are patched by browser makers. Still, I wouldn't go traipsing around the Internet with reckless abandon--at least not without some good anti-virus and anti-malware software.