General discussion

Locked

OK, I'll start it then.. PWN2OWN 2009.. thoughts?

By Neon Samurai ·
So, the favorite entry point was browsers and they all fell starting with Safari fell first followed by IE8.

I've heard outright disgust that such a competition sensationalizes exploits where security research should be a humble activity intended to better computing for the end user.

I've also heard that the Safari exploit was discovered and sat on for a year just to pop the machine at this year's competition.

What are others thoughts on this years challenge?

This conversation is currently closed to new comments.

9 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Sorry...

by JackOfAllTech In reply to OK, I'll start it then.. ...

What are you talking about?

Collapse -

it was a rather open ended starter but I have a few links to offer

by Neon Samurai In reply to Sorry...

Mostly, I'm just curious to hear other's thoughts on the contest this year but here are a few links. Ironically, belonging to ZDNet though found through OSNews.


Safair browser falls in seconds
http://blogs.zdnet.com/security/?p=2917

IE8, Firefox and Safari broken
http://blogs.zdnet.com/security/?p=2934

Interview with Charlie Miller
http://blogs.zdnet.com/security/?p=2941

Collapse -

HA!

by Jaqui In reply to OK, I'll start it then.. ...

MY preferred browser would never be broken in their little game. :)

lynx just don't do anything with the fancy bells and whistles, it only handles basic html.. and barely at that.

Collapse -

I notice Opera was left off the list also

by Neon Samurai In reply to HA!

Opera's users seem to find it pretty robust. I'd have been interested to see it in the competition also.

But yeah.. no one's breaking Lynx. And even better, ddWRT provides a Lynx friendly theme for the admin forms.

Collapse -

so was

by Jaqui In reply to I notice Opera was left o ...

Mozilla Seamonkey.

but then Seamonkey uses the same backend code base as Firefox, it just has a different ui code base.

Collapse -

I didn't realize they where different

by Neon Samurai In reply to so was

I thought Seamonkey was just the unbranded Firefox so it could be included in the Debian distributions. I'll have to see where I have a Debian with X ontop to take a closer look.

Collapse -

There are sort of 2 Seamonkey

by seanferd In reply to I didn't realize they whe ...

the 1.x and 2 alpha. They are a bit different, but share a lot of Mozilla code.

SeaMonkey is what became of the Mozilla Suite. The project is not directly run by Mozilla foundation.

For Debian, you're thinking IceWeasel.

Collapse -

Stll haven't read too much about it

by seanferd In reply to OK, I'll start it then.. ...

Just the overview of pwning machines through the browser. I would like to know exactly how fast the Mac was taken, still read reports of "seconds".

So, I'm mostly posting to claim ignorance, but interest. I did see your post when it was initially in the top area of the list, I just don't have any particularly informed thoughts. :)

Edit: And right, these exploits should only be sensational in the underworld. I can't wrap my head around the hide it/block it/ban it mindset. Why not be informed?

Collapse -

Cooked.

by DHCDBD In reply to OK, I'll start it then.. ...

The same exploit was not allowed to be used on two separate browsers, else they all would have fallen. In other words, once an exploit was successful against Safari, it was not allowed to be used for Firefox or IE; if it were all three would have fallen in short order.

Back to Browser Forum
9 total posts (Page 1 of 1)  

Software Forums