Pwn2Own: Down go all the browsers
Flash
Posted: Fri 08 Mar 2013, 16:38    Post subject: Pwn2Own: Down go all the browsers

Pwn2Own: Down go all the browsers
Quote:
At the CanSecWest conference in Vancouver, Canada, the HP Zero Day Initiative's (ZDI) annual Pwn2Own competition has ended its first day of competition and Microsoft's Internet Explorer (IE) 10, Google's Chrome and Mozilla's Firefox Web browsers have all been cracked. In addition, Java—can anyone be surprised at this?--was also cracked multiple times.
Java, which has been getting hacked over and over again recently, fell not once or twice but three times to crackers. Vupen broke Java by "using a same unique heap overflow as a memory leak to bypass ASLR and as a code execution."

Java was also broken by Accuvant Labs security scientist Joshua Drake and Context Information Security consultant and vulnerability researcher James Forshaw. Drake appears to have used a similar method to Vupen's in his successful hack, while Forshaw used a "reflection" attack.

Not everything was "pwned" though. No one broke Adobe's Flash Player and Adobe Reader on Windows 7 or Safari on Mac OS X Mountain Lion. Adobe products may yet go down. Vupen is going after Flash today and George Hotz, best known for unlocking Apple's iPhone, is taking on Reader.

It's not all bad news for those who are trying to secure their programs.

In a ThreatPost interview, Chaouki Bekrar, Vupen's CEO and head of research, said, "Writing exploits in general is getting much harder. Java is really easy because there's no sandbox. Flash is a different thing and it's getting updated all the time and Adobe did a very good job securing it. It's more expensive to create a Flash exploit than a Java one. Every time Adobe updates Flash, they're killing bugs and techniques and sandbox bypasses, and honestly, Adobe is doing a great job making it more secure."

As for the browsers in general, Bekrar concluded:

"Chrome is probably the most hard to attack because of the sandbox. The weakness in Chrome is Webkit and the strength is the sandbox. Probably one of the reasons Chrome is so secure is that the Google guys don't just fix vulnerabilities but they're proactive in fixing techniques and sandbox bypasses."
Monsie


Posted: Sat 09 Mar 2013, 07:15    Post subject: Pwn2Own: Down go all the browsers

While I read that Internet Explorer 10 (designed for Windows 8) went down, I haven't seen any report to indicate that Internet Explorer 9 (designed for Windows 7) went down. Maybe IE 9 has yet to be tested this year. I haven't used IE 10 but I understand that it is quite a bit different than its predecessor, and so it may not be as hardened, or as secure generally as IE9. The bottom line might be that just because Internet Explorer 10 went down, does not necessarily imply that Internet Explorer 9 is equally as vulnerable -- if not more so.

Monsie

_________________
My username is pronounced: "mun-see". Derived from my surname, it was my nickname throughout high school.