IE8, Safari, iPhone All Fall At Pwn2Own Contest
SpuriousLogic writes "The annual Pwn2Own contest at CanSecWest is underway, and on the first day Web browsers fell to attack. Internet Explorer 8 and Firefox 3.6.2 on 64-bit Windows 7 and Safari on OS X all were forced to run exploit code. To add insult to injury, an iPhone was cracked and the SMS database lifted from it."
Updated 22:40 GMT by timothy: CWmike adds this interesting bit: "The only researcher to three-peat at the Pwn2Own hacking contest said on Thursday that security is such a 'broken record' that he won't hand over 20 vulnerabilities he's found in Apple's, Adobe's and Microsoft's software. Instead Charlie Miller will show the vendors how to find the bugs themselves."
Some of these exploits only took two weeks from conception to exploitation. TWO WEEKS. New product comes out, and POSSIBLY in 14 days you're fucked?
It seriously sounds like these idiots need to drop all high-level programming and go straight back to learning the BASICS first. Assembler and tight fucking code and source control.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
You mean to say we had all those people trying out their exploits in one place and no one bothered to drop a bomb on the joint?
Sure it may not stop exploits from getting into the wild or script kiddies from using them, but if you have a roomful of cockroaches, doesn't it make sense to break out a can of RAID?
I feel for the Apple Fanbois who won't be getting any sleep tonight...coming up with a defense for why their flagship product got pwned. Newsflash: nothing is secure.
If it ain't broke, DON'T fix it.
Is this another benign Safari hack that has no real world application, or another one where you need physical access to the box, or another that is already patched in the newer releases? What does "were forced to run exploit code" mean? It says "hacked into a MacBook." Is this another vulnerability in a 3rd party wireless driver? I'm not saying that it's not legit, but "Safari on OS X" without versions and details doesn't tell me a whole lot. Sounds like BS to me.
The only thing worse than a Democrat is a Republican.
Lack of skill, knowledge and expertise perhaps? Just because someone is on Slashdot does not mean that they are a programmer, or, if they are a programmer, are familiar enough with the code to do anything about it in a timely manner. I myself would love to be able to contribute to Firefox, but my meager knowledge of Java, Haskell and PHP doesn't really qualify me to, and I'm not about to learn C++ just to fix a crashing bug or bugs which will likely be fixed before I'm even past learning the basics, and I highly doubt the parent is either. BTW, I fully intend to learn C++ at some point, but that point isn't now, that's all. Also, I don't seem to have any crashing problems with Firefox...maybe I'm just lucky.