Researcher hacks just-launched IE8
Cracks Microsoft's new browser hours before release; also hacks Safari, Firefox
Computerworld - Just hours before Microsoft Corp. officially launched the final code for Internet Explorer 8, a German researcher yesterday hacked the browser during the PWN2OWN contest to win $5,000 and a Sony Viao laptop.
The researcher, a computer science student from Germany who would only give his first name, Nils, broke into the Sony within minutes by exploiting a previously unknown vulnerability in the new browser, said Terri Forslof, manager of security response at 3Com Corp.'s TippingPoint, the contest sponsor. The laptop was running what Forslof described as a "recent Microsoft internal build" of Windows 7.
Earlier today, Microsoft launched the final version of IE8 for Windows XP, Vista, Server 2003 and Server 2008. A final edition for Windows 7, however, has not been released to the public.
"It was important for Microsoft to see that bug right away," said Forslof today. "There are cases in product development where you might have a vulnerability so critical that [the vendor] makes the call to actually block the release. Microsoft needed to see that and evaluate that vulnerability."
TippingPoint purchases the vulnerabilities and the rights to the exploits when it awards cash prizes during PWN2OWN. At that point, it hands over the information to the vendor.
"This is the awesome part of PWN2OWN," said Forslof. "Microsoft got to stand there and watch it happen. They were right at ground zero." Within five minutes of Nils hacking IE8, TippingPoint had provided details and code to Mike Reavey, operations manager at the Microsoft Security Research Center (MSRC), who was at CanSecWest, the Vancouver, British Columbia, security conference that hosts PWN2OWN.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts