Researcher hacks just-launched IE8
Cracks Microsoft's new browser hours before release; also hacks Safari, Firefox
Computerworld - Just hours before Microsoft Corp. officially launched the final code for Internet Explorer 8, a German researcher yesterday hacked the browser during the PWN2OWN contest to win $5,000 and a Sony Viao laptop.
The researcher, a computer science student from Germany who would only give his first name, Nils, broke into the Sony within minutes by exploiting a previously unknown vulnerability in the new browser, said Terri Forslof, manager of security response at 3Com Corp.'s TippingPoint, the contest sponsor. The laptop was running what Forslof described as a "recent Microsoft internal build" of Windows 7.
Earlier today, Microsoft launched the final version of IE8 for Windows XP, Vista, Server 2003 and Server 2008. A final edition for Windows 7, however, has not been released to the public.
"It was important for Microsoft to see that bug right away," said Forslof today. "There are cases in product development where you might have a vulnerability so critical that [the vendor] makes the call to actually block the release. Microsoft needed to see that and evaluate that vulnerability."
TippingPoint purchases the vulnerabilities and the rights to the exploits when it awards cash prizes during PWN2OWN. At that point, it hands over the information to the vendor.
"This is the awesome part of PWN2OWN," said Forslof. "Microsoft got to stand there and watch it happen. They were right at ground zero." Within five minutes of Nils hacking IE8, TippingPoint had provided details and code to Mike Reavey, operations manager at the Microsoft Security Research Center (MSRC), who was at CanSecWest, the Vancouver, British Columbia, security conference that hosts PWN2OWN.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Gartner Report: A Guide to Gartner's Enterprise Mobile Security Self-Assessment Gartner introduces a model and a Toolkit intended to help mobility and security IT leaders assess their enterprise mobility programs from a security...
- Gartner Report: Containing Mobile Security Risks With the 80/20 Rule IT planners can deliver better mobile protection with higher user satisfaction by segmenting users into risk groups before committing to specific management or...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts