IE8, Safari, iPhone All Fall At Pwn2Own Contest 223
SpuriousLogic writes "The annual Pwn2Own contest at CanSecWest is underway, and on the first day Web browsers fell to attack. Internet Explorer 8 and Firefox 3.6.2 on 64-bit Windows 7 and Safari on OS X all were forced to run exploit code. To add insult to injury, an iPhone was cracked and the SMS database lifted from it."
Updated 22:40 GMT by timothy: CWmike adds this interesting bit: "The only researcher to three-peat at the Pwn2Own hacking contest said on Thursday that security is such a 'broken record' that he won't hand over 20 vulnerabilities he's found in Apple's, Adobe's and Microsoft's software. Instead Charlie Miller will show the vendors how to find the bugs themselves."
Re:As I said elsewhere on the net: (Score:3, Funny)
Holy Shit (Score:3, Funny)
Instead Charlie Miller will show the vendors how to find the bugs themselves.
Well, there's an idea. Is it something that really can be taught?
Re:BS without details (Score:1, Funny)
Aww, another knee-jerk Apple fanboy.
*pats you on the head* There there, little man, Mr. Jobs will make it all shinier so you don't have to think about it.
Re:Title misleading? (Score:5, Funny)
Wimp. Firefox is open source. Why didn't you fork the project, fix the crashing problem, and then offer the patch code upstream while distributing Firefox under your own branding?
That's how open source is supposed to work, you ninny. Why don't you actually participate in it once in a while, instead of just being an end user?
Re:Misleading; no credibility (Score:5, Funny)
This wasn't because Linux was safer, it was because we all knew Windows was a softer target.
Whoa, whoa, WHOA. Just stop right there, Bill. I'm going to have to teach you a thing or to about what you're allowed to write here on Slashdot. Now give me a second to get on my high-horse.
Reasoning is not welcome here.
That's right Bill. We don't need your reasoning here. We know we are right. This is Slashdot! We are the tech community. We know our OSes. We know our software. Just because of some contest with some rules and some teams that want to win the contest by the rules doesn't automatically invalidate our knowledge and wisdom as Slashdot.
Linux is more secure because it is open source and licensed under the GPL. It doesn't matter if it is still unsafe by your standards.
You see, Bill, we on Slashdot do not need to review the source code of Linux because we have declared it safe. Why is it safe? Because it is GPL. And everyone knows the GPL is safe. Therefore Linux is safe, Bill.
IE8 is mentioned first because it is owned by Microsoft, and Microsoft is evil due to historical technology atrocities against other for-profit software corporations. Therefore IE8 is the worst piece of software ever to exist.
So the reason why IE8 falls faster is not because you and your team thought the Microsoft product was "softer". It was because it was the spawn of the devil! Even wackos know the spawn of the devil should be hacked first. Don't you agree?
Firefox is not listed in the title because we need to get a head start on bashing proprietary software rather than reading the summary.
As a real Slashdotter, I pride myself in not reading the article let alone the summary. The title effectively summarizes the direction of all comments in the thread. And that direction is to bash proprietary software, starting with Microsoft first.
Here's a tip, Bill. The headline on Slashdot should give you a hint at what kind of comment you should post on Slashdot. If you are not capable of discerning that from the title, only then may you read the summary. Reading the article is only reserved for picking out additional points to backup your original claim, not to invalidate Slashdot's wisdom. And that would never happen because Slashdot's wisdom is never wrong in the first place.
Apple and Google are bad... but did you know that OSX is really UNIX and Webkit and Chrome are open source?
See, once again open source products are good for you. You should use open source products!
I hope that clears things up, Bill. Please refrain from posting useless comments in the future.
Thanks,
/.
Re:Kudos to Peter Vreugdenhil (Score:3, Funny)
I've had it with these motherfucking bugs on these motherfucking browsers!
Re:Title misleading? (Score:5, Funny)
I propose a new moderator option:
-1 Woosh
Re:So 64-bit ASLR on Windows is flawed as well... (Score:4, Funny)
"Wait, wait, don't tell me: Running an 8 year old development platform written by amateurs with an unsupported 3rd-party plugin in a 32-to-64-bit emulation layer on a modern operating system is unstable? Oh my fuck, it's Armageddon!"
You don't get it, do you?
That the application were unstable would be no news. That your 8 year old amateurish application can corrupt the memory space of a modern 64-bit OS *is* Armaggedon for the OS architect... or it should be, at the very least.
Re:On the other hand... (Score:3, Funny)
The safest bridge is one that prevents people from getting on it.
But woe to those who go under it.