Slashdot Mirror


Pwn2Own 2012 Set To Reveal More Browser Vulnerabilities Than In the Past

darthcamaro writes "In any given year, Slashdot always has stories about how a researcher hacked a browser in only a few minutes at the Pwn2Own hacking challenge. This year the rules are a bit different, and instead of hackers winning for just one vulnerability, the rules allow for multiple vulnerabilities to be presented. The winner isn't the first one to hack a browser, but is the one that can hack the browser the most. 'In the past, due to the way the competition was architected, we had lots of sensationalist headlines, things like "Mac hacked in three seconds,"' said Aaron Portnoy, Manager of the Security Research Team at HP TippingPoint. 'We don't think that type of sensationalism was representative of all the research that was going on.'"

5 of 57 comments

  1. Actually an extremely good point by Riceballsan · · Score: 4, Insightful

    The time is pretty irrelevant. I mean it isn't like the hackers hadn't seen the OSes or browsers before they set foot on the floor and were going blind. That is like giving someone a sudoku puzzle a month in advance, having him do it from memory and claiming that this guy is so smart he can solve the sudoku puzzle in 30 seconds.

    1. Re:Actually an extremely good point by mjwx · · Score: 4, Interesting

      And yeah, this has happened in previous years, Safari scheduled to be attacked first so the media and anti-Apple people online scream about how Safari is the least secure browser because it was broken "first"

      I don't suppose that you've considered that Safari gets broken first and fastest because there are a lot of undiscovered exploits, due largely to the fact that no-one targets Safari as a browser due to low usage. Pwn2Own requires an entirely new exploit (otherwise I'm sure IE would be down in a number of nanoseconds).

      BTW, Safari was not simply broken first, it was broken fastest, this is important as you pointed out the demonstrations took place at different times.

      IE, Chrome and Firefox all have larger user bases, it stands to reason that they will have fewer undiscovered exploits than Safari because they are targeted more often.

      --
      Calling someone a "hater" only means you can not rationally rebut their argument.
    2. Re:Actually an extremely good point by Anonymous Coward · · Score: 5, Interesting

      Safari scheduled to be attacked first so the media and anti-Apple people online scream about how Safari is the least secure browser because it was broken "first"

      The schedule is not relevant, the Mac was hacked in the shortest amount of time which is why we say it was hacked "first".

      And what pissed all you fanboys off wasn't how fast it got hacked, but the statement by the hacker that he chose the Mac because "it was the easiest to compromise quickly".

      If Apple would stop its misleading marketing campaign, and if Apple's users would stop with the constant "Derp derp my Mac is 100% immune to any and all malicious activity of any kind" then we wouldn't laugh at your ass all the time.

    3. Re:Actually an extremely good point by somersault · · Score: 4, Funny

      It does if he has a gun pointed to his head while getting a blow job.. man that was an awful film..

      --
      which is totally what she said
  2. Also helps with vulnerability hoarding by slimjim8094 · · Score: 5, Informative

    I heard that it's been the case before that discovered vulnerabilities would be kept secret so that they could be used across multiple years. This changes the incentive to reward whoever's found the most, which is what the point was all along - exposing as many vulnerabilities as possible.

    --
    I have developed a truly marvelous proof of this comment, which this signature is too narrow to contain.