Safari and IE8 Were the First to Fall at Pwn2Own

Status
Not open for further replies.
[citation][nom]kilo_17[/nom]It fascinates me how they can crack these browsers in seconds.[/citation]
Why? Considering:
Fewer told Ars that it took him five to six weeks to put together the attack.
 

Mr_Bojangles

Distinguished
Feb 1, 2009
40
0
18,530
[citation][nom]kilo_17[/nom]It fascinates me how they can crack these browsers in seconds.[/citation]

It fascinates me how people can take things so widely out of context. The amount of preparation is what you should look at, not the time frame from within the attack was executed.
 

JMcEntegart

Splendid
Aug 25, 2007
8,445
0
30,780
[citation][nom]kilo_17[/nom]It fascinates me how they can crack these browsers in seconds.[/citation]

They come up with the exploits prior to the contest and then when the contest starts it's just a case of just running it. Still very impressive, though. Particularly when you consider the fact that Apple patched Safari the day before the competition. That could easily have neutralized VUPEN's exploit.
 

masterjaw

Distinguished
Jun 4, 2009
1,159
0
19,360
This only shows that Apple is no better than Microsoft in terms of security. The ones who claim that "Mac OS is more secure than Windows" is because of its Unix nature, not because of Apple. Heck, even Mac OS is easily defeated during hacking events.

Makes you wonder how would be our security landscape if Apple did got 70-80% of world's computing resources.
 

chick0n

Distinguished
Aug 17, 2010
167
0
18,680
[citation][nom]masterjaw[/nom]This only shows that Apple is no better than Microsoft in terms of security. The ones who claim that "Mac OS is more secure than Windows" is because of its Unix nature, not because of Apple. Heck, even Mac OS is easily defeated during hacking events.Makes you wonder how would be our security landscape if Apple did got 70-80% of world's computing resources.[/citation]

Steve will come out and say :

"You use the internet wrong."
 

slothy89

Distinguished
Jan 9, 2011
75
0
18,640
[citation][nom]JohnnyLucky[/nom]Do the hackers reveal their methods?[/citation]Yes they do, to the owners of the failed software so they can patch the exploits. These guys are known as "White Hat" hackers, or Crackers.

No, they do not publish them publicly to allow "Black Hat" hackers to exploit them for malicious purposes.

This is a professional event designed to test and FIX issues with the worlds popular Browsers and OS's
 

bsbsbsbs

Distinguished
Jun 30, 2010
122
0
18,680
Can basically anything can be hacked?

Yes it can.

What was that quote from BTTF? Oh yeah, "If you put your mind to it, you can accomplish anything" Marty to George Mcfly.
 
I just wonder where IE9 and FF4.0 came in. Both are great browsers.

As for Safari, it shows just how vulnerable Mac OSX really is. Since Apple doesn't have many viruses, they don't worry about patching holes. I can imagine if a bad virus got out, a lot of Mac fans would be pissed.

But Jobes would just tell them they are using it wrong anyways.
 
[citation][nom]endgadget[/nom]"Safari and IE8 Were the First to Fall at Pwn2Own"Shouldn't that be, "Safari was the first to fall at Pwn2Own"?[/citation]
Yes, but that would be tantamount to admit that Safari (an Apple product) is less secure than IE8 (a Microsoft product). You will not see such a thing on certain websites, this one included.
 

Shodar

Distinguished
Sep 19, 2006
64
0
18,630
[citation][nom]virtualban[/nom]Funny, and let's have a conspiracy theory about this too[/citation]

The hacker for Chrome must of been an no-show because he was too busy fighting off the army of Androids that Google sent out to hunt him down and "take him out".
 

molo9000

Distinguished
Aug 14, 2010
646
0
18,990
[citation][nom]house70[/nom]Yes, but that would be tantamount to admit that Safari (an Apple product) is less secure than IE8 (a Microsoft product). You will not see such a thing on certain websites, this one included.[/citation]
LOL
This isn't Hollywood. What the hackers do at pwn2own is execute attacks that were prepared and tested long before the event even started.
Which system falls first is determined by the organizers, who decide when a hacker gets to attack what, and has nothing whatsoever to do with security.
 

virtualban

Distinguished
Feb 16, 2007
1,232
0
19,280
[citation][nom]Shodar[/nom]The hacker for Chrome must of been an no-show because he was too busy fighting off the army of Androids that Google sent out to hunt him down and "take him out".[/citation]
LOL
 
G

Guest

Guest
@molo9000

or the hacker could have failed at compromising the system, which has everything to do with security.....
 

falchard

Distinguished
Jun 13, 2008
2,360
0
19,790
Chrome wins with poorly written code. The hackers have difficulty understanding it, and everyone has difficulty writing programs for it.

Still this is quite an achievement for Microsoft. Safari cracked using an exploit from 5 iterations ago. IE8 requires 3 different hacks and it took weeks to develop. I am sure the same preperation would be needed for Firefox.
 

molo9000

Distinguished
Aug 14, 2010
646
0
18,990
[citation][nom]CompleteControl[/nom]@molo9000or the hacker could have failed at compromising the system, which has everything to do with security.....[/citation]
Yes but "first to fall" is meaningless.
 
G

Guest

Guest
@molo9000

agreed, order of precedence has no impact what so ever, a failure is a failure no matter who goes first or last
 
Status
Not open for further replies.