Insecure Candidates: Chrome Wins Hacking Contest
At the CanSecWest Vancouver 2009 conference's PWN2OWN hacker's competition the Safari, Internet Explorer 8 and Firefox browsers were successfully hacked to run code on their systems. The Chrome browser was recognized as being the least impacted by the hackers.
The two-day PWN2OWN competition had but one goal: hacking an application as fast as possible to run code in it. The hacker contest is a feature of the annual CanSecWest conference, this year in Vancouver March 16-20, where standard PCs and Macs are subjected to vulnerabilities using the current version of the targeted software containing all the newest security updates. This year the hackers were to hack four fully patched browsers and five mobile devices. While the mobile devices remained "unscathed," almost all browsers failed the test in one way or another.
In less than 10 seconds Charlie Miller could open his MacBook with Safari and promptly won the $5,000 Zero Day Initiative prize. After jury members clicked a specially prepared link, Miller could control the system through an undocumented security hole.
Internet Explorer 8 was the next victim (ironically almost parallel to its official start in Las Vegas) to follow the MacBook pattern. A hacker named simply Nils used an undocumented vulnerability to control the Windows 7 subsystem and won another $5,00 prize from ZDI. He also exploited the first known security hole of IE8. Just earlier Microsoft's Dean Hachamovitch in his talk had praised the high security standards of IE8 with its Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) protection technologies.
Twice again Nils pulled off victories. First was a Safari exploit that won him another $5,000. Secondly, the Firefox competition didn't escape his schadenfreude and he won another prize through a zero day exploit: altogether $15,000 for Nils.
Uncontested winner of the day was Google's Chrome browser, even though Charlie Miller did find a vulnerability that he later admitted his sandbox prevented him from carrying out. Details of the vulnerabilities unfortunately weren't given out: the TippingPoint DVLabs host of the conference pretty much buys the discretion of the hackers through its prize money, but will pass things on to the browser manufacturers.
Comments
comments powered by DisqusSubscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.
News
-
Fedora 39 Beta is Now Available for Testing
For fans and users of Fedora Linux, the first beta of release 39 is now available, which is a minor upgrade but does include GNOME 45.
-
Fedora Linux 40 to Drop X11 for KDE Plasma
When Fedora 40 arrives in 2024, there will be a few big changes coming, especially for the KDE Plasma option.
-
Real-Time Ubuntu Available in AWS Marketplace
Anyone looking for a Linux distribution for real-time processing could do a whole lot worse than Real-Time Ubuntu.
-
KSMBD Finally Reaches a Stable State
For those who've been looking forward to the first release of KSMBD, after two years it's no longer considered experimental.
-
Nitrux 3.0.0 Has Been Released
The latest version of Nitrux brings plenty of innovation and fresh apps to the table.
-
Linux From Scratch 12.0 Now Available
If you're looking to roll your own Linux distribution, the latest version of Linux From Scratch is now available with plenty of updates.
-
Linux Kernel 6.5 Has Been Released
The newest Linux kernel, version 6.5, now includes initial support for two very exciting features.
-
UbuntuDDE 23.04 Now Available
A new version of the UbuntuDDE remix has finally arrived with all the updates from the Deepin desktop and everything that comes with the Ubuntu 23.04 base.
-
Star Labs Reveals a New Surface-Like Linux Tablet
If you've ever wanted a tablet that rivals the MS Surface, you're in luck as Star Labs has created such a device.
-
SUSE Going Private (Again)
The company behind SUSE Linux Enterprise, Rancher, and NeuVector recently announced that Marcel LUX III SARL (Marcel), its majority shareholder, intends to delist it from the Frankfurt Stock Exchange by way of a merger.
Opera