Browser

AtG: HTML divided again, Pwn2Own targets mobiles

The HTML world is again divided between W3C and WHATWG camps, and which mobile OS will be the first to fall at Mobile Pwn2Own?

Over the weekend, quite the hubbub developed around this post by Ian Hickson to the WHATWG public mailing list. The post detailed the splitting of the editor role between W3C and WHATWG, and the cloning of bugs from W3C's instance of Bugzilla to WHATWG's instance.

A sample of the discussion would leave one to think that the HTML world is returning to one that is split asunder; but the move for Hickson to edit only the WHATWG specification, rather than both the WHATWG and W3C specs, was announced in April.

Instead, we have a world where the browser vendors (sans Microsoft) will continue pushing forward with WHATWG development, and W3C will focus on completing its HTML5 spec and its HTML.Next initiative.

In the long run, I don't see a big difference to the current state of affairs; browser vendors will do what they want, and the W3C will continue to standardise after the browsers have implemented the features they wish. It's business as usual — a shame, really.

Following on from this story on which universities topped the QS World University Rankings for computer science, comes the unhappy story of how Australian universities fared in the rankings.

Only eight Australian universities made the top 100, with the University of Melbourne leading the way, in 21st place. The other local institutes in order were the Australian National University, the University of Queensland, the University of New South Wales, the University of Sydney, Monash University, Queensland University of Technology and RMIT University.

Come 19 and 20 September, Amsterdam will be the host of EUSecWest 2012, which will feature a version of the Pwn2Own competition that is aimed at hacking mobile devices. A pool of cash totalling $200,000 will be on offer to contestants. A hack of cellular baseband will earn US$100,000, an SMS hack will gain US$40,000, NFC hacks also get US$40,000, and a hack of a mobile web browser will earn US$20,000.

Each contestant will select the device they wish to compromise during pre-registration, with the requirement that it's a current device running the latest version of its operating system. The exact OS version, firmware and model numbers will be coordinated with the pre-registered researcher. People who register on the site will be able to choose from the list of provided devices: the BlackBerry Bold 9930, Samsung Galaxy S III, Nokia Lumia 900, and Apple iPhone 4S.

A successful attack must require little or no user interaction, and must compromise or exfiltrate useful data from the phone. Any attack that can incur cost upon the owner of the device, such as silently calling long-distance numbers, eavesdropping on conversations, and so forth, is within scope. Any vulnerabilities used in the event must be zero-day vulnerabilities.

The contest is being sponsored by RIM, AT&T, and HP.

In 2010, Pwn2Own contestants successfully hacked Safari, Firefox, IE, and an iPhone.

Which phone do you think will be first to fall?

About

Some would say that it is a long way from software engineering to journalism, others would correctly argue that it is a mere 10 metres according to the floor plan.During his first five years with CBS Interactive, Chris started his journalistic advent...

2 comments
internetexplorer
internetexplorer

wtf is whatwg, anyway? There's not a single clue in the story, which is otherwise a good one. What a shame that such a simple error blemishes the impact of the reporting. Acronyms are useful shorthand, but without a means to identify what it is referring to, then it becomes an exercise in arcane jargon instead of communicating info to the reader.

Editor's Picks