Posted on 03/20/2015 2:41:46 PM PDT by Swordmaker
So much for browser security. Researchers who participated in the Pwn2Own hacking contest this week demonstrated remote code execution exploits against the top four browsers, and also hacked the widely used Adobe Reader and Flash Player plug-ins.
On Thursday, South Korean security researcher and serial browser hacker JungHoon Lee, known online as lokihardt, single-handedly popped Internet Explorer 11 and Google Chrome on Microsoft Windows, as well as Apple Safari on Mac OS X.
He walked away with US$225,000 in prize money, not including the value of the brand new laptops on which the exploits are demonstrated and which the winners get to take home.
(Excerpt) Read more at pcworld.com ...
IMHO, you’re not pwned if your attacker doesn’t get #. What good is a user account on *nix?
I agree. . . however, the challenge on this Pwn2Own contest was to crack into the browsers. They did. Extra credit was given for getting to root or system. That was only accomplished on the Windows machine.
Thanks, I may want to try Firefox and see.
I am thinking of a new laptop but I think I will wait until Windows 10 comes out.
Anyone know what the target date for Windows 10 is?
BFL
Excuses. Fact OSX has been the first hacked. And it’s not like the Russians and Chinese don’t have guys as smart as NASA. So it doesn’t make the mac more secure by being obscure.
It is not a timed contest, for-q-clinton. . . it just mattered who got the first choice of which computer to take a stab at. First Shmish! These "hacks" also required the active participation of the user. . . the "referees" had to invoke them on the targeted computer. . . to go download a file and run it. Sorry. Not much of a hack when it is basically a trojan. The "security by obscurity" canard is false. . . and has been shot down by examples such as the Witty Worm and other examples in the Windows world. Sorry, no banana for you.
"The final count for vulnerabilities exploited this year stands as follows: five flaws in the Windows OS, four in Internet Explorer 11, three each in Mozilla Firefox, Adobe Reader, and Flash Player, two in Apple Safari and one in Google Chrome. "
To put that in graphic perspective:
(Note the biasing effect of leaving out zero...)
The real point is that nothing is truly safe and browsers are being used all the time and will be hacked. The only truly safe machine is one that is disconnected from the network - trying to protect them will be semi-effective (unless layered behind several points of scrutiny by adept folks) and all take some of the speed away.
You get to the OS through the browser.
I didn’t mention the OS - and everyone knows Windows sucks that way — even spawning an entire multibillion $ industry.
My takeaway from the article is all browsers can be hacked — that is about it.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.