Internet Explorer, Firefox and Safari hacked within hours


The spotlight, however, fell on a triumvirate of the three most popular Web browsers - Internet Explorer, Mozilla Firefox and Apple Safari - all of which were publicly cracked in a matter of hours.

The conference organisers had invited attendees to display attacks that targeted previously unknown flaws in browsers or mobile devices
in the show's annual Pwn2Own contest.

For the attacks to count as valid - and the crackers to collect a $5,000 prize - they are required to demonstrate previously unknown
security flaws on their test machines.

The Pwn2Own contest was monitored by the sponsors, TippingPoint, with the resultant bug details being handed over to the relevant software vendors for patching.

Unexpectedly, Safari was the first to fall to the crackers, with last year's winner, Charlie Miller, reportedly hacking the Web browser in under a minute.

Internet Explorer 8, meanwhile, took about an hour to crack by `Nils,' a university researcher who also revealed unknown security flaws for Firefox and Safari.

Nils, who comes from the University of Oldenburg, Germany, told reporters that even the latest versions of the most popular Web browsers have security flaws, although he admitted it was not as easy as it was just a few years ago.

Nils reportedly secured a bonus of a Sony Vaio laptop on top of his $5,000 reward from TippingPoint.

The jewel in the crown for the cracking community - $10,000 for each serious security flaw shown on the five main mobile phone operating
systems: Windows Mobile, Google's Android, Symbian, and the iPhone plus Blackberry firmware/software - remained unclaimed at the end of
Wednesday.

TippingPoint, however, says it is still keen for the crackers to show their prowess on the mobile phone operating systems, and is reportedly ready with its corporate chequebook.

http://cansecwest.com

What’s Hot on Infosecurity Magazine?