IE8 and Safari hacked at Pwn2Own, nobody tries Chrome

Matthew DeCarlo

Matthew DeCarlo

Posts: 5,271   +103
Hackers successfully compromised Safari and Internet Explorer during the first day of Pwn2Own. The event began yesterday at 3:30PM PT and a group from French security firm Vupen exploited Safari 5 running on a MacBook Air in only five seconds, according to Computerworld. That's despite Apple releasing a last minute patch (v5.0.4) to prevent contestants from using known bugs. In addition to keeping the MacBook Air, the team earned a smooth $15,000 for its accomplishment.

Read the whole story
 
G

Greg S

Posts: 1,607   +442
I would think firefox would be compromised rather quickly because it is open source. People can just examine code and then find a snippet that could be used to exploit it. I know that it really isn't that easy to do, but I'm sure the developers of it could come up with at least one loop hole somewhere.
 
G

Guest

That's also the power of open source the group at the head of the distrbution or a concerned users, see's it, submits the bug and it gets fixed very fast.
 
princeton

princeton

Posts: 1,674   +1
Win7Dev said:
I would think firefox would be compromised rather quickly because it is open source. People can just examine code and then find a snippet that could be used to exploit it. I know that it really isn't that easy to do, but I'm sure the developers of it could come up with at least one loop hole somewhere.
Click to expand...

Since firefox is a browser that many hackers use the hackers report bugs they find instead of exploiting them.
 
mario

mario

Posts: 398   +17
@Win7Dev Well almost every browser is open source or a good part of it, Chrome and Safari use the open-source Webkit rendering engine, Chrome's chrome (UI) and its javascript interpreter is also open, Firefox is open from head to toes, the only private ones are Opera and IE.

Chrome is the toughest to crack because it runs every tab in its own sandbox making it very difficult for exploits to run arbitrary code. Webkit2, the next version of webkit, will have this functionality built-in, it's supposed to be implemented in Safari with OS X Lion.
 
N

NeoFryBoy

Posts: 72   +0
I wouldn't call that winning. That's like sitting in a dunk tank and no one wants to throw the ball. Disappointing for everyone.
 
J

Jurassic4096

Posts: 155   +0
neofryboy said:
I wouldn't call that winning. That's like sitting in a dunk tank and no one wants to throw the ball. Disappointing for everyone.
Click to expand...

very poor analogy... but if you find a standard dunk tank that pays $20,000 for hitting it, i'm in.
 
A

aj_the_kidd

Posts: 555   +0
jurassic4096 said:
neofryboy said:
I wouldn't call that winning. That's like sitting in a dunk tank and no one wants to throw the ball. Disappointing for everyone.
Click to expand...

very poor analogy... but if you find a standard dunk tank that pays $20,000 for hitting it, i'm in.
Click to expand...
Umm, Google challenged people to hack them and no one "throw the ball", its a good analogy if you ask me. Poor chrome least you didn't get "wet"
 
G

Guest

I'll be very curious to see if anyone can hack Opera. It may have a lower share of the browser market, but it is hands down the best browser I have ever used. There is something fishy about no-one even attempting to hack Chrome. Plus, I would never use a browser or any other software or hardware that is sponsored by a company who's primary business is collecting data.
 
princeton

princeton

Posts: 1,674   +1
aj_the_kidd said:
jurassic4096 said:
neofryboy said:
I wouldn't call that winning. That's like sitting in a dunk tank and no one wants to throw the ball. Disappointing for everyone.
Click to expand...

very poor analogy... but if you find a standard dunk tank that pays $20,000 for hitting it, i'm in.
Click to expand...
Umm, Google challenged people to hack them and no one "throw the ball", its a good analogy if you ask me. Poor chrome least you didn't get "wet"
Click to expand...

I'd call it a bad analogy because if I was in a dunk tank I wouldn't be disappointed if nobody dunked me :p
 
matrix86

matrix86

Posts: 852   +39
I'm with aj on this one. Chrome would win if someone tried and didn't succeed. You can't call something uncrackable when nobody tries to crack it. Intimidation is no excuse. Somebody who knows what they're doing needs to grow a pair and have it. They all seem to be taking the easy way out. They know Firefox, IE, and Safari can be cracked, so they go with it. But Chrome is tight is would take a lot more work. What would you rather go for? A browser that you have a good chance at cracking and winning the prize money? Or a browser that's hard to crack, causing you to not get any prize money?
Although considering it's been untouched for the past 2 years, there should be no excuse for this. Someone at least try it!
 
A

aj_the_kidd

Posts: 555   +0
matrix86 said:
I'm with aj on this one. Chrome would win if someone tried and didn't succeed. You can't call something uncrackable when nobody tries to crack it. Intimidation is no excuse. Somebody who knows what they're doing needs to grow a pair and have it. They all seem to be taking the easy way out. They know Firefox, IE, and Safari can be cracked, so they go with it. But Chrome is tight is would take a lot more work. What would you rather go for? A browser that you have a good chance at cracking and winning the prize money? Or a browser that's hard to crack, causing you to not get any prize money?
Although considering it's been untouched for the past 2 years, there should be no excuse for this. Someone at least try it!
Click to expand...
Yeah I thought hackers were all about notoriety. I'd want to be part of team which hacked Chrome and told Google to "Sit down, be quiet, cause I just hacked your browser *****, now give me that money" :)
 
A

aj_the_kidd

Posts: 555   +0
I think you mean that Google have given out $100,000 in rewards but if not please provide a source. Seems a little unlikely that they would be rewarding people $150,000 for each exploit found
 
Rick

Rick

Posts: 4,512   +66
aj_the_kidd said:
I think you mean that Google have given out $100,000 in rewards but if not please provide a source. Seems a little unlikely that they would be rewarding people $150,000 for each exploit found
Click to expand...

They were offering $1337 USD per exploit found... a funny figure.
 
You must log in or register to reply here.

Similar threads

Shawn Knight
Web Fully patched versions of Firefox, Chrome, IE 11 and Safari exploited at Pwn2Own hacking competition
Replies
9
Views
2K
Guest
G

Latest posts