Slashdot Mirror

← Back to Stories (view on slashdot.org)

IE8, Safari, iPhone All Fall At Pwn2Own Contest

Posted by timothy on from the sucks-to-be-everyone dept.

SpuriousLogic writes "The annual Pwn2Own contest at CanSecWest is underway, and on the first day Web browsers fell to attack. Internet Explorer 8 and Firefox 3.6.2 on 64-bit Windows 7 and Safari on OS X all were forced to run exploit code. To add insult to injury, an iPhone was cracked and the SMS database lifted from it." Updated 22:40 GMT by timothy: CWmike adds this interesting bit: "The only researcher to three-peat at the Pwn2Own hacking contest said on Thursday that security is such a 'broken record' that he won't hand over 20 vulnerabilities he's found in Apple's, Adobe's and Microsoft's software. Instead Charlie Miller will show the vendors how to find the bugs themselves."

4 of 223 comments (clear)

  1. Cue the Fanbois in three...two...one by sxedog · · Score: 0, Troll

    I feel for the Apple Fanboi's who won't be getting any sleep tonight...coming up with a defense for why their flagship product got pwned. Newsflash: nothing is secure.

    --
    If it ain't broke, DON'T fix it.
  2. BS without details by Princeofcups · · Score: 0, Troll

    Is this another benign Safari hack that has no real world application, or another one where you need physical access to the box, or another that is already patched in the newer releases? What does "were forced to run exploit code" mean? It says "hacked into a MacBook." Is this another vulnerability in a 3rd party wireless driver? I'm not saying that it's not legit, but "Safari on OS X" without versions and details doesn't tell me a whole lot. Sounds like BS to me.

    --
    The only thing worse than a Democrat is a Republican.
  3. Re:As I said elsewhere on the net: by Khyber · · Score: 0, Troll

    I work silicon, not software. I don't get exploited, nimrod, because I leave nothing for anyone to exploit.

    --
    Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
  4. Re:Title misleading? by Alphathon · · Score: 0, Troll

    Lack of skill, knowledge and expertise perhaps? Just because someone is on slashdot does not mean that they are a programmer, or if they are a programmer are familiar enough with the code to do anything about it in a timely manner. I myself would love to be able to contribute to Firefox, but my meager knowledge of Java, Haskel and PHP don't really qualify me to, and I'm not about to learn C++ just to fix a crashing bug or bugs which will likely be fixed before I'm even passed learning the basics, and I highly doubt the parent is either. BTW, I fully intend to learn C++ at some point, but that point isn't now, that's all. Also, I don't seem to have any crashing problems with Firefox...maybe I'm just lucky.