Slashdot Mirror

← Back to Stories (view on slashdot.org)

Pwn2Own 2012 Set To Reveal More Browser Vulnerabilities Than In the Past

Posted by Soulskill on from the quality-over-quantity-but-quantity-is-good-too dept.

darthcamaro writes "In any given year, Slashdot always has stories about how a researcher hacked a browser in only a few minutes at the Pwn2own hacking challenge. This year the rules are a bit different, and instead of hackers winning for just one vulnerability, the rules allow for multiple vulnerabilities to be presented. The winner isn't the first one to hack a browser, but is the one that can hack the browser the most. 'In the past, due to the way the competition was architected, we had lots of sensationalist headlines, things like "Mac hacked in three seconds,"' said Aaron Portnoy, Manager of the Security Research Team at HP TippingPoint. 'We don't think that type of sensationalism was representative of all the research that was going on.'"

4 of 57 comments (clear)

  1. Actually an extremely good point by Riceballsan · · Score: 4, Insightful

    The time is pretty irelevant. I mean it isn't like the hackers hadn't seen the OS's or browsers before they set foot on the floor and were going blind. That is like giving someone a sudoku puzzle a month in advance, having him do it from memory and claiming that this guy is so smart he can solve the sudoku puzzle in 30 seconds.

    1. Re:Actually an extremely good point by Riceballsan · · Score: 3, Insightful

      Right, but solving it in an hour or solving it in 30 seconds makes no difference. When the goal of the tournament is who can solve it fastest, it doesn't prove he is any better then the other competitors when the contest ends after the first person solves it

    2. Re:Actually an extremely good point by mikael_j · · Score: 3, Insightful

      It gets even more ridiculous when the Apple or Microsoft brand sudoku puzzle is the first one scheduled to be solved and everyone screams about how this is proof that those puzzles are easier to solve than the Mozilla or Google brand puzzles.

      And yeah, this has happened in previous years, Safari scheduled to be attacked first so the media and anti-Apple people online scream about how Safari is the least secure browser because it was broken "first" (even though if you look at the event schedule this obviously happened because the demonstrations of the browsers were all scheduled at different times with it simply being the first target as opposed to all browsers being attacked simultaneously).

      --
      Greylisting is to SMTP as NAT is to IPv4
    3. Re:Actually an extremely good point by drsmithy · · Score: 3, Insightful

      Shush, this is Slashdot. Marketshare and userbase are never factors.