dvlabs.tippingpoint.com - 3/21/2009
—
We are all wrapped up from this years CanSecWest and pwn2own contest, and again it was a great conference, and a successful competition. The contest uncovered 4 new and unique critical vulnerabilities affecting the latest and greatest versions of IE, Safari and FireFox. The Chrome browser gets a ...
arstechnica.com - 3/20/2009
—
arstechnica.com —
Browser vendors often make strong claims about their
responsiveness to vulnerability reports and their ability to preemptively...
prevent exploits. Security is becoming one of the most significant fronts in the new round of browser wars, but ...
(more)
Chrome only browser left standing after day one of Pwn2Own
blogs.zdnet.com - 3/18/2009
—
blogs.zdnet.com —
[ UPDATE: IE 8 and Safari also falls
] VANCOUVER, BC — Charlie Miller has done it...
again. For the second consecutive year, the security researcher hacked into a fully patched MacBook computer by exploiting a security vulnerability in ...
(more)
Pwn2Own 2009: Safari/MacBook falls in seconds
blogs.zdnet.com - 3/19/2009
—
blogs.zdnet.com —
VANCOUVER, BC — It took a while longer
but Microsoft’s Internet Explorer 8 did not survive the...
hacker onslaught at this year’s CanSecWest Pwn2Own contest. [ ALSO SEE: Pwn2Own 2009: Safari/MacBook falls in seconds ] A security ...
(more)
Pwn2Own trifecta: Hacker exploits IE8, Firefox, Safari
Comments
Blog Reactions
Pwn2Own -- it's a wrap
Technology: Technology blog | guardian.co.uk —
... The DV Labs blog has run a Pwn2Own Wrap Up about its hacking competition, which saw three browsers hacked and one unexploitable hole in Chrome. More than that, it raises the question why all the mobile devices emerged unscathed -- and fails to answer it. It looks as though they weren't seriously attacked. However, mobile phones may do worse next year. ...
Mobile Browsers Stump Hackers
IntoMobile - Cell Phone News, Information, and Analysis —
... which can be show stoppers just between the hardware manufacturers’s themselves, or the carrier network the phone is associated with. These are just a few examples, and lack of known debuggers for many of the platforms adds limitations.
While it might be safe to call mobile software secure for the time being, I think it’s safe to say the gap between laptop and smartphone is closing, and as handsets expand in function, so will the security gaps.
[via TippingPoint]
Related News from IntoMobile: ...
Chrome survives hackers in annual browser bash
TechSpot —
... and Windows 7 security measures together pose a formidable challenge. Notably, on the mobile side of things, BlackBerry, Windows Mobile, Android and iPhone also emerged unscathed .
Google Chrome, Mobile Browsers Survive Security Challenge
Wired: Epicenter —
... That doesn’t mean flaws don’t exist, as the TippingPoint blog points out, "the mobile platform is limited by both memory and processing power…. the vulnerabilities do exist, but actually exploiting them is complicated and unpredictable." ...
Smartphones escape Pwn2Own unhacked
Boy Genius Report —
... Hackers taking part in a friendly competition aimed at highlighting OS and software vulnerabilities did some real damage to a variety of computer-based web browsers — including Safari, which took all of 10 seconds to bust on a MacBook — but where smartphones are concerned, the hackers were stumped. The competition took place at CanSecWest in Vancouver, Canada and big cash prizes were up for grabs. In fact, each successful execution of an attack on a smartphone was worth a cool $10,000. Apparently the closest someone came however, was a BlackBerry Bold exploit ...
Safari hacker talks security
Macworld —
... not much! It’s a fascinating read for anybody who’s interested in security. Miller also spends some time talking about what platform he’d recommend, and makes the excellent distinction between safety and security when it comes to your computing environment (for example, Miller says Macs are less secure—there are more vulnerabilities to exploit—but safer, because there are fewer actual exploits). For those who were curious about the eventual fallout of the PWN2OWN competition, there’s a wrap-up over on Tipping Point’s site . In the end, Google’s Chrome was the only browser to ...
Firefox patches zero-day, hacking contest bugs
Macworld —
... Web site. This update also fixes a bug disclosed to research firm TippingPoint last week by a hacker who used it to win the company’s Pwn2Own contest at the CanSecWest security conference. It was one of three used by a German hacker, who gave only his first name, Nils, to claim $15,000 in cash and a laptop as prizes. Mozilla developers had described the release as a “high-priority firedrill security update” thanks to the attack code, known as a “zero day” exploit. The quick work paid off, as they had expected it to take until early next week to complete testing. Mozilla ...
Related Content
DVLabs | Pwn2Own Day 2
dvlabs.tippingpoint.com 3/20/2009 — The 3rd annual Pwn2Own contest kicked off its second day today at CanSecWest this morning. If you missed it, check out yesterday's browser carnage (with pics) . Today, any contestant could attempt to break into a fully patched browser (IE8, Firefox, ...
DVLabs | Pwn2Own 2009
dvlabs.tippingpoint.com 2/26/2009 — TippingPoint's Zero Day Initiative (ZDI) team is pleased to announce that we will once again be sponsoring this year’s Pwn2Own contest for the 3rd year running. The contest will be held during the CanSecWest Security Conference March 16-20th in ...
NEWS: Safari hacked within seconds at Pwn2Own contest
pocket-lint.com 3/19/2009 — IE8 and Firefox cracked soon after In just day one of the annual Pwn2Own hacking competition, IE8 and Firefox were cracked within a matter of hours, and Safari floored within seconds.
...
Read Safari hacked within seconds at Pwn2Own contest ...
Twitter / tippingpoint1
twitter.com 3/19/2009 — DVLabs: Pwn2Own Wrap Up: Posted by Terri ForslofWe are all wrapped up from this years CanSecWest and pwn2.. http://tinyurl.com/cnaypv about 2 hours ago from twitterfeed @ thierryzoller one of the Safari ones should work on the iPhone but the bug ...
The Pwn2Own trifecta: Safari, IE 8, and Firefox exploited on day 1
engadget.com 3/25/2009 —
That didn't take long. One day into the Pwn2Own hacking competition at CanSecWest and already Apple, Microsoft, and Mozilla have been sent packing to their respective labs to work on security issues in their browsers. In a repeat performance, ...
Safari hacked in a flash at Pwn2Own 2009, Firefox and IE8 follow
downloadsquad.com 3/19/2009 —
Security pro Charlie Miller came in to Pwn2Own 2009 with a plan, and things unfolded exactly the way he wanted them to. Within seconds of the competition's start, he had already gained control over the fully-patched MacBook running Apple's Safari ...
Pwn2Own 2009: Mac falls in seconds
guardian.co.uk 3/19/2009 — Last year, at least the Mac lasted a couple of minutes before it was hacked. This year, it lasted seconds… In the annual Pwn2Own at the CanSecWest security conference in Vancouver, fully patched machines are set up, and you can win one by being ...
Questions for Pwn2Own hacker Charlie Miller
blogs.zdnet.com 3/20/2009 — VANCOUVER, BC — At the CanSecWest security conference here, I got a chance to sit down with Charlie Miller, the researcher who broke into a fully patched MacBook machine using a Safari code execution vulnerability.
We discuss the state of Web ...
Follow TechBlips on Twitter
