4/1/10 – Firefox Announces Monthly Subscription for Web Access
Jk. Hah, could you imagine? April fools. 😛 Anyways….
Pwn2Own 2010: Browsers and iPhone Get Pwned!
A wise geek defines computer hacking as “the practice of modifying computer hardware and software to accomplish a goal outside of the creator’s original purpose.” Now usually when you think of a hacker, you might picture some scrawny arrogant nerd whose computer’s cost could easily have bought a car. Well, I’m sure there’s probably a few out there like that anyways, but you can be sure that these guys or even girls know a lot about computer technology.
For the past four years at the CanSecWest security conference, there has been a contest called Pwn2Own where hackers are put to the test to break through security features in software such as Firefox, Internet Explorer, Safari, operating systems, and even the iPhone to win cash prizes and related benefits. For this year’s competition, held in Vancouver on March 24th, there were two main issues that the hackers had to exploit in order to get the prizes, he first one being security posture of market-leading web browsers and operating system pairings; and the second target being vulnerabilities affecting mobile phones.
Two contestants were able to successfully hack Safari on the iPhone. Ralf Philipp Weinmann of the University of Luxembourg and Vincenzo Iozzo of German company Zynamics were able to grab key data in an iPhone and found a vulnerability in Safari that pulled SMS database data including deleted messages, contacts, pictures, and iTunes music files. The joint hackers shared a $15,000 prize, and each took ownership of an iPhone.
$40,000 of the total $100,000 in cash prizes was sectioned for hacking browsers. The targets used at this competition were the latest versions of Apple’s Safari, Google Chrome, Internet Explorer, and Firefox with each browser being hacked worth $10,000. The results? All of the latest versions of these, meaning the one’s that we use pretty much every day, were successfully hacked on the first day, except for Google Chrome.
Charlie Miller, a principal security analyst at consulting form Independent Security Evaluators, remotely located a hole in the Safari browser of a MacBook Pro and launched a remote session on a target MacBook opening a command shell enabling him to see ALL of the files on the MacBook. To recap what this guy got $10,000 for, he launched the newest version of Safari and found holes in its security design and was able to connect through the browser to another computer and access all the files. The results for Internet Explorer and Firefox were similar and performed by Peter Vreugdenhil, an independent security researcher, and a hacker named Nils, the head of MWR InfoSecurity.
Now this could make you question how safe the browsers and other software we use actually are. No worries here though, because with the results of the contest, though embarrassing for the companies, the hackers provide them in detail the steps they took to hack their programs. With this valuable information, the companies can make critical updates to their software at a fraction of the time and cost it takes to thoroughly test for flaws in a program.
Makes me wish I had some hacking skills, but only for gloating reasons, I promise.
Thanks for reading and don’t forget the quiz on blackboard on the second page. Here’s the link to the full article!
Entry filed under: Uncategorized.