Researcher hacks just-launched IE8
Cracks Microsoft's new browser hours before release; also hacks Safari, Firefox
March 19, 2009 12:00 PM ETComputerworld - Just hours before Microsoft Corp. officially launched the final code for Internet Explorer 8, a German researcher yesterday hacked the browser during the PWN2OWN contest to win $5,000 and a Sony Viao laptop.
The researcher, a computer science student from Germany who would only give his first name, Nils, broke into the Sony within minutes by exploiting a previously unknown vulnerability in the new browser, said Terri Forslof, manager of security response at 3Com Corp.'s TippingPoint, the contest sponsor. The laptop was running what Forslof described as a "recent Microsoft internal build" of Windows 7.
Earlier today, Microsoft launched the final version of IE8 for Windows XP, Vista, Server 2003 and Server 2008. A final edition for Windows 7, however, has not been released to the public.
"It was important for Microsoft to see that bug right away," said Forslof today. "There are cases in product development where you might have a vulnerability so critical that [the vendor] makes the call to actually block the release. Microsoft needed to see that and evaluate that vulnerability."
TippingPoint purchases the vulnerabilities and the rights to the exploits when it awards cash prizes during PWN2OWN. At that point, it hands over the information to the vendor.
"This is the awesome part of PWN2OWN," said Forslof. "Microsoft got to stand there and watch it happen. They were right at ground zero." Within five minutes of Nils hacking IE8, TippingPoint had provided details and code to Mike Reavey, operations manager at the Microsoft Security Research Center (MSRC), who was at CanSecWest, the Vancouver, British Columbia, security conference that hosts PWN2OWN.
PWN2OWN
Additional Resources



Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.
White Papers & Webcasts
Share our Strength
Download Now
Lower the Cost and Complexity of a Mobile Workforce through Automation
Download This Resource Now!
Top 10 Things to Know about Data Protection
Download Now
Managing Mobility: Improve Data Security, Compliance and Manageability
Download This Resource Now!
Managing Secure File Transfer to Save Time, Money and IT Resources
Learn how companies are using innovative technology to overcome these challenges and improve user productivity by offloading e-mail attachments and replacing FTP with...
Ponemon Study: The Business Risk of a Lost Laptop
Download Now
Security Convergence Equals Network Security Cost Savings
Listen to IBM Internet Security Systems' take on network security convergence.
Airport Insecurity: The Case of Lost Laptops
Download Now
Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...
