Microsoft Edge: Most Hacked Browser At Pwn2Own 2017

Status
Not open for further replies.
G

Guest

Guest
So much of Windows 10 being the most secured OS. You people should stop believing Microsoft bullcrap.
 

Jeff Fx

Reputable
Jan 2, 2015
329
0
4,780
0
MS forced me to unpin Edge from my task bar. Recently Edge started popping up an ad every time I ran Chrome, to tell me Edge is faster. My OS should not be trying to use it's position to sell me on using MS junk instead of more secure tools. I thought this sort of thing was illegal.
 

shrapnel_indie

Distinguished
Microsoft created the Edge browser by rewriting most of it from scratch (some parts were forked from Internet Explorer).
TBH: we only have their word on that. There is always the possibility that much-much-more was forked into Edge from IE than they told the public.

Surprised with as much data mining Google does, that Chrome is showing as so secure.

Win10 vulnerabilities: Not so surprising, especially in light of their own personal data mining.

Win10 has the potential to be really good... MS just has to refocus on true security on ALL levels and stop poking their nose into the business of its users.
 

alextheblue

Distinguished
Apr 3, 2001
2,983
56
20,870
2

Internal data mining does not mean the program is inherently less secure. As for Windows itself, it's a lot harder to secure a long-standing full fledged OS with wide-ranging software/hardware compatibility. That's not to say they should ever stop shelling out money for vulnerability bounties, and they need to continue fixing them to the best of their abilities. But comparing a browser to an full-blown OS is silly. I mean even Android has vulnerabilities and it is a lot less complex than Windows. Windows 7 has vulnerabilities too. MS probably isn't quite as interested in paying people to scrutinize it though, compared to 10.

As for Edge, it needs a lot of work. Even so it has come a long way in a relatively short period of time. I'd say overall it's actually not bad for a stock browser. But this definitely shows they need to prioritize security in the coming year. Kudos to the security researchers for making everyone safer, and making some cash in the process.
 

shrapnel_indie

Distinguished


I probably should have probably made it clearer that this was in no way a comparison of browser vs OS. I do understand that an OS is far more complex than a browser... unfortunately, the way Microsoft embedded the browser into the OS in the past doesn't do much either in keeping the two distinct entities, which doesn't help matters.

While internal data mining doesn't mean the program or OS is less secure, it does provide paths that absolutely must be fortified against misuse and attack. I understand that everything has vulnerabilities, in which the only greatest safeguard is to never power them on... which is quite silly too as you'd never benefit from their usage. It matters not if it''s an IoT device, an OS (no matter age, usage numbers, or vendor,) or any other app or piece of data.

You are correct though about the need to prioritize security... but I would hope the benefits of such prioritization would be felt much much sooner than next year or the next contest.
 

Dosflores

Reputable
Jul 8, 2014
147
0
4,710
6
There's something I don't like about Pwn2Own: teams are allowed to target any browser. I think it would be more interesting if you could only attack a given browser each day. Otherwise, it makes sense for teams to target the weakest browsers, which obviously means Edge and Safari, because their update processes are merged with their respective OS updates. And after the Microsoft February updates fiasco, it would have been silly not trying to obliterate Edge.

So, yeah, we know Edge and Safari have lots of vulnerabilities, but we can't be sure Chrome and Firefox don't have their share.
 

buscseik

Prominent
Mar 21, 2017
3
0
510
0
I agree that, this competition should be managed different way like it was mentioned previously. E.g.: Teams have 1 day for each browser...
You can say harder to hack Chrome, but in other hand Google collect information about you every second, and nobody thinks that is a security issue :). If someone else collect information about you, than it is a security issue.

Just a simple example: Everyone agree that private mailing is one of the number one privacy object. Possibly all of you noticed your android phone will notice you about upcoming travel.
Have you been every thinking about it how your phone knows about your upcoming travel? If a bot reading your email for this information at Google, what is the guarantee there is no other bot at Google that reading your email for other private information about you?
 

buscseik

Prominent
Mar 21, 2017
3
0
510
0
I agree that, this competition should be managed different way like it was mentioned previously. E.g.: Teams have 1 day for each browser...
You can say harder to hack Chrome, but in other hand Google collect information about you every second, and nobody thinks that is a security issue :). If someone else collect information about you, than it is a security issue.

Just a simple example: Everyone agree that private mailing is one of the number one privacy object. Possibly all of you noticed your android phone will notice you about upcoming travel.
Have you been every thinking about it how your phone knows about your upcoming travel? If a bot reading your email for this information at Google, what is the guarantee there is no other bot at Google that reading your email for other private information about you?
 

cwolf78

Distinguished
Jul 8, 2009
82
2
18,635
0
"what is the guarantee there is no other bot at Google that reading your email for other private information about you?"

Um, actually there is a guarantee that there IS. Per their ToS they have an automated reader that scrapes the content of your e-mails to display "relevant" ads. I think pretty much every Google product has this "feature." They are an advertising company giving away "free" products after all.

No that I'm complaining as I find their products extremely useful and robust. I haven't had the Feds knocking on my door or have been the victim of gang stalking because I use Google products.
 

buscseik

Prominent
Mar 21, 2017
3
0
510
0
Yep, obviously that is a feature from one viewpoint(but from other, that is something that read and analyze your emails). The only question how do you name this.


I am afraid you are biased about Google. If you will try to live without Google, than you will see have no choice. You can agree with Google term and conditions or you can agree, no third option.


Just think about it, If I do not agree with Google T&C and won't accept that they can collect information about me. What will happen if I visit a third party page that has Google plugin? It will collect information about me or not?


The fact is Google tracking every people.
 
Status
Not open for further replies.

ASK THE COMMUNITY

TRENDING THREADS