http://www.macnn.com/articles/09/03/19/pwn2own.results/

IE8, Safari and Firefox all hacked at Pwn2Own

updated 04:25 pm EDT, Thu March 19, 2009

 



On the first day of the Pwn2Own contest at the CanSecWest conference, hackers successfully compromised fully-patched copies of Internet Explorer 8, Safari and Firefox, according to ZDNet. A MacBook running Safari was hacked in seconds by Charlie Miller, winning him the notebook and a $10,000 purse. His previous performance was also impressive, requiring just minutes to take control of a MacBook Air.

An individual known as Nils was able to hack a Sony Vaio running Windows 7 and a patched version of IE8, Firefox and Safari. He also took advantage of vulnerabilities in Firefox and Safari, winning a cash prize and the Vaio notebook.

Company representatives were present to view the exploits. Terms of the contest require that the vulnerabilities remain undisclosed until the software companies have a chance to release a patch.


by MacNN Staff

TAGS :

 security, Apple

Comments

  1. Mr. Strat

    Junior Member

    Joined: Jan 2002

    +2

    Unimpressed

    Show me someone hacking in without admin rights...without physical access...then I might be impressed. Pulling a cheap trick that relies on PEBCAK...BFD.

  1. martinX

    Fresh-Faced Recruit

    Joined: Sep 2008

    -1

    Great contest

    This gives white hat hackers a chance at (a) remuneration and (b) kudos. Might help keep people away from the Dark Side.

  1. Zkatz007

    Fresh-Faced Recruit

    Joined: May 1999

    0

    Repeat?

    Didn't this already happen? And weren't @Mr. Strat's arguments stated then, too?

  1. lkrupp

    Junior Member

    Joined: May 2001

    +3

    The only problem is...

    The various tech media are reporting ONLY that Safari was compromised. They aren't mentioning the other browsers. Only Mac media sites are reporting that all three browsers were hacked. I wonder why that is?

  1. johnsonua

    Fresh-Faced Recruit

    Joined: Aug 2003

    +5

    Hardly 'just minutes'

    They were allowed to do all the work in advance, finding the exploit, crafting a web page to take advantage of it and the on-scene 'exploit' consisted of the winners directing the people at the keyboards to "click on the link here, please".

    This is merely cheap gimmickry.

    When he can attack a Mac without having the user unlock the front door for him and invite him in, then it will be newsworthy.

  1. mgpalma

    Fresh-Faced Recruit

    Joined: Sep 2000

    -1

    Newsflash

    My house can be broken into and everything valuable stolen in just 5 minutes...as long as the alarm is disarmed and the front door is unlocked.

    yawn

  1. testudo

    Forum Regular

    Joined: Aug 2001

    -1

    Re: newsflash

    Not the same thing.

    If they logged into the computer as an admin, left it on, walked away, and then someone else walked up to the machine and claimed "I hacked it!", then that would be the same thing.

    Almost every Windows flaw and piece of malware is due to social engineering. Trying to get people to go to web-site A to get some video codec to see Britney Spears having L****** s** with Justin Timberlake. Or convincing them that they need to download the latest Flash plug-in (and browsers making that so much easier to con people, as users now expect the browser to install it for you, rather than downloading it yourself, then finding the disk image, opening it up, and then running the installer).

  1. testudo

    Forum Regular

    Joined: Aug 2001

    -1

    oh

    And if the article was all about how IE 8 was 'hacked' in the same manner, everyone here would be chortling about how insecure MS software is and such, and not defending it as a social engineering issue.

  1. fubar_this

    Fresh-Faced Recruit

    Joined: Jul 2006

    0

    Social engineering==real

    I don't know why EVERYBODY thinks that social engineering attacks don't count. That's ALL THAT EXISTS ON WINDOWS. Look it up. The last self-spreading attack on Windows occurred in 2006 (and it was caused by QuickTime ironically enough).
    Self-spreading malware has been eliminated due to software firewalls and egress filtering. But malware that spreads by asking users to click on a link is very much real, and very very real on the Mac.

    Safari/WebKit/QuickTime have had over 70 vulnerabilities every year since 2005. That's not an insignificant number, and in some years it topped Internet Explorer's vulnerability count.

    Social engineering attacks are very real. Nearly EVERYBODY runs their Mac as admin, and Mac users are no more or less likely to be susceptible to a social engineering attack than a Windows user. Why do you think Apple added anti-phishing and other anti-social engineering measures to Safari recently?
