Filed under: Internet, Security, Browsers
Safari hacked in a flash at Pwn2Own 2009, Firefox and IE8 follow
"It took a couple of seconds. They clicked on the link and I took control of the machine," said Miller. It's safe to say that when Apple proclaimed Safari "the fastest browser on the planet," that they weren't referring to how soon it would fail at the competition.
None of the three browsers on display made it out unscathed: a competitor known only as Nils was the next to overcome Safari, and he later took down Firefox and Internet Explorer 8. It's an important reminder to all of us that - regardless of what browser we're using - someone out there is hard at working looking for an exploit that could put us at risk, too.
[via ZDnet]
So, just how good at time waster games are you? Think you've got the stuff? Well, The World's Hardest Game 2.0 doesn't think you do.
Yes, amazingly, it's possible to have a sequel to a game called "The World's Hardest Game". It doesn't seem logically possible, since if the first one was actually the world's hardest, how could another one come along and share the moniker? It made me doubt the name in the first place. That is, until I tried the game.
The mechanics of the game are very simple. You are a small red square, ...
Reader Comments (Page 1 of 1)
PT said 10:10AM on 3-19-2009
Nothing I wouldn't be expecting...
Reply
hazard said 10:15PM on 3-19-2009
Actually I'm quite surprised that OSX could be owned so easily .. just goes to show no matter how well you design an OS you can never account for bad programming.
Todd said 10:16AM on 3-19-2009
"IE8 gets people to the information they need, fast, and provides protection that no other browser can match." - Steve Ballmer March 18, 2009
http://news.prnewswire.com/ViewContent.aspx?ACCT=109&STORY=/www/story/03-19-2009/0004991142
Reply
Evenio said 11:03AM on 3-19-2009
And I wonder how many months they were each sitting on their respective exploits so that they could win cash and gear instead of just gratitude? I'm not saying that Apple doesn't need to step up their game in security, because they clearly do, but contests like this don't necessarily encourage the betterment of computer platforms' security, but rather, they encourage people like the contestants to hold off on submitting their exploits, increasing the risk that someone less "altruistic" will find them as well. The flawed principle of these contests temper any claims that Safari or Firefox or even IE8 is "less secure" than the competition, in my opinion.
Reply
phray said 11:31AM on 3-19-2009
Charlie actually said that he'd been sitting on his exploit for about a year. So you're totally right, that's a long time to NOT disclose your exploit. But at the very least, the rules state that all exploits must be fully disclosed. So this contest does actually encourage betterment of security... eventually.
It's better than the guy never disclosing the 'sploit, I suppose.
Counsel said 11:40AM on 3-19-2009
I am not sure how the competition is any different that simply offering cash to the "general public" to disclose exploits. You might get more exploits shown...
Either way, I think that if calling a company and saying "I know of an exploit, and I am going to release it to the general public unless you pay me 5 quid" is a crime, then who, exactly, this type of "reward" does not encourage anyone to simply disclose (when they find it) an exploit.
Oh wait... We wouldn't want to encourage appropriate disclosure anyway... What was I thinking?
Reply