Information Security News
mailing list archives
Pwn2Own: The perfect antidote to fanboys who say their platform is safe
From: InfoSec News <alerts () infosecnews org>
Date: Fri, 14 Mar 2014 08:51:00 +0000 (UTC)
By Dan Goodin
March 13, 2014
For the past seven years, an annual hacker competition that pays big cash
prizes has driven home the point that no Internet-connected software,
regardless of who made it, is immune to exploits that surreptitiously
install malware on the underlying computer. The first day of this year's
Pwn2Own 2014 and the companion contest that ran concurrently stuck with
much the same theme, with successful hacks of the Internet Explorer,
Firefox, and Safari browsers and Adobe's Flash and Reader applications.
Contestants from Vupen, the France-based firm that sells fully weaponized
exploits to governments it deems non-repressive, fetched $400,000 during
day one of the two-day event. The haul came from exploits that allowed
team members to gain full control over IE, Firefox, Flash, and Reader.
Vupen's Firefox attack was one of three hacks that successfully
compromised the Mozilla browser, with researchers Mariusz Mlynski and Juri
Aedla also taking it down, feats that won them $50,000 each. At the
Pwn4Fun contest held at the same CanSecWest security conference,
researchers from Google toppled Apple's Safari browser, and their
counterparts from HP commandeered IE.
During day two, Chrome was on tap to be tested. If it is successfully
felled, it wouldn't be the first time. Meanwhile, George "GeoHot" Hotz,
the hacker who famously bypassed the copyright restrictions of the Sony
PlayStation 3, reportedly became the fourth contestant to defeat Firefox
during day two. Update: Vupen has reportedly pwned Chrome as well.
Find the best IT Security talent without breaking your recruiting budget.
Jobs cross-posted to Simply Hired, Facebook and LinkedIn.
Hot InfoSec Jobs - http://www.hotinfosecjobs.com/
- Pwn2Own: The perfect antidote to fanboys who say their platform is safe InfoSec News (Mar 14)