Pwn2Own 2012 Set To Reveal More Browser Vulnerabilities Than In the Past

darthcamaro writes "In any given year, Slashdot always has stories about how a researcher hacked a browser in only a few minutes at the Pwn2own hacking challenge. This year the rules are a bit different, and instead of hackers winning for just one vulnerability, the rules allow for multiple vulnerabilities to be presented. The winner isn't the first one to hack a browser, but is the one that can hack the browser the most. 'In the past, due to the way the competition was architected, we had lots of sensationalist headlines, things like "Mac hacked in three seconds,"' said Aaron Portnoy, Manager of the Security Research Team at HP TippingPoint. 'We don't think that type of sensationalism was representative of all the research that was going on.'"

  • by robbak ( 775424 ) on Tuesday January 24, 2012 @04:11AM (#38802353) Homepage

    As well, all contestants should reveal all techniques they intend to use as part of their application. All these reports would be provided to the vendors after the competition.

  • by mjwx ( 966435 ) on Tuesday January 24, 2012 @04:36AM (#38802465)

    And yeah, this has happened in previous years, Safari scheduled to be attacked first so the media and anti-Apple people online scream about how Safari is the least secure browser because it was broken "first"

    I don't suppose that you've considered that Safari gets broken first and fastest because there are a lot of undiscovered exploits, due largely to the fact that no-one targets Safari as a browser due to low usage. Pwn2Own requires an entirely new exploit (otherwise I'm sure IE would be down in a number of nanoseconds)

    BTW, Safari was not simply broken first, it was broken fastest, this is important as you pointed out the demonstrations took place at different times.

    IE, Chrome and Firefox all have larger user bases, it stands to reason that they will have fewer undiscovered exploits than Safari because they are targeted more often.

  • by Anonymous Coward on Tuesday January 24, 2012 @05:02AM (#38802549)

    Safari scheduled to be attacked first so the media and anti-Apple people online scream about how Safari is the least secure browser because it was broken "first"

    The schedule is not relevant, the Mac was hacked in the shortest amount of time which is why we say it was hacked "first".

    And what pissed all you fanboys off wasn't how fast it got hacked, but the statement by the hacker that he chose the Mac because "it was the easiest to compromise quickly".

    If Apple would stop its misleading marketing campaign, and if Apple's users would stop with the constant "Derp derp my Mac is 100% immune to any and all malicious activity of any kind" then we wouldn't laugh at your ass all the time.

  • by Sits ( 117492 ) on Tuesday January 24, 2012 @09:50AM (#38804111) Homepage Journal

    Where does it say you can't use Linux for browser testing?

    From the rules page [zerodayinitiative.com]:

    The targets will be running on the latest, fully patched version of either Windows 7 or Lion.

    Back in 2008, Linux was available as a target in Pwn2Own [engadget.com] but in an interview Aaron Portnoy of TippingPoint explained that Linux is now not included in Pwn2Own to avoid controversy [internetnews.com].

  • by tlhIngan ( 30335 ) <[ten.frow] [ta] [todhsals]> on Tuesday January 24, 2012 @12:45PM (#38806777)

    I don't suppose that you've considered that Safari gets broken first and fastest because there are a lot of undiscovered exploits, due largely to the fact that no-one targets Safari as a browser due to low usage. Pwn2Own requires an entirely new exploit (otherwise I'm sure IE would be down in a number of nanoseconds)

    Possible, but given it's Pwn2Own, the machine you "pwned" is the machine you win.

    And given in the past you had a choice of Macbook Pro (OS X), a Sony Vaio (Windows) and something else (for Linux), and had the ability to choose what computer you wanted, what would you go for?

    Most would go for the Macbook purely because it's a nice decent machine that happens to look and function great (and runs Windows and Linux). If I had a series of exploits that worked on all three platforms, I'd go after the Mac first just to win that over a Sony. Then I'd go for the Sony next (if it wasn't for the crapware, at least they're nice looking machines).

    Once that was won, people concentrated on the next machine that was second on their list, etc. Smart contestants go after the computer no one is breaking in as they have a greater chance of winning a free computer.

    And despite the /. crowd chanting "FUNCTION FIRST, not form", most people seem to consistently go for the Macs.

    Given the machines are all around the same value, perhaps a fairer comparison would be if every one of them was a Macbook Pro or so, running the OS of choice (after all, Windows and Linux run great on a Macbook Pro - I know Ubuntu has an EFI installer that boots natively).
