The HTML world is again divided between W3C and WHATWG camps, and which mobile OS will be the first to fall at Mobile Pwn2Own?
Over the weekend, quite the hubbub developed around this post by Ian Hickson to the WHATWG public mailing list. The post detailed the splitting of the editor role between W3C and WHATWG, and the cloning of bugs from W3C's instance of Bugzilla to WHATWG's instance.
A sample of the discussion would leave one to think that the HTML world is returning to one that is split asunder; but the move for Hickson to edit only the WHATWG specification, rather than both the WHATWG and W3C specs, was announced in April.
Instead, we have a world where the browser vendors (sans Microsoft) will continue pushing forward with WHATWG development, and W3C will focus on completing its HTML5 spec and its HTML.Next initiative.
In the long run, I don't see a big difference to the current state of affairs; browser vendors will do what they want, and the W3C will continue to standardise after the browsers have implemented the features they wish. It's business as usual — a shame, really.
Only eight Australian universities made the top 100, with the University of Melbourne leading the way, in 21st place. The other local institutes in order were the Australian National University, the University of Queensland, the University of New South Wales, the University of Sydney, Monash University, Queensland University of Technology and RMIT University.
Come 19 and 20 September, Amsterdam will be the host of EUSecWest 2012, which will feature a version of the Pwn2Own competition that is aimed at hacking mobile devices. A pool of cash totalling $200,000 will be on offer to contestants. A hack of cellular baseband will earn US$100,000, an SMS hack will gain US$40,000, NFC hacks also get US$40,000, and a hack of a mobile web browser will earn US$20,000.
Each contestant will select the device they wish to compromise during pre-registration, with the requirement that it's a current device running the latest version of its operating system. The exact OS version, firmware and model numbers will be coordinated with the pre-registered researcher. People who register on the site will be able to choose from the list of provided devices: the BlackBerry Bold 9930, Samsung Galaxy S III, Nokia Lumia 900, and Apple iPhone 4S.
A successful attack must require little or no user interaction, and must compromise or exfiltrate useful data from the phone. Any attack that can incur cost upon the owner of the device, such as silently calling long-distance numbers, eavesdropping on conversations, and so forth, is within scope. Any vulnerabilities used in the event must be zero-day vulnerabilities.
The contest is being sponsored by RIM, AT&T, and HP.
In 2010, Pwn2Own contestants successfully hacked Safari, Firefox, IE, and an iPhone.
Which phone do you think will be first to fall?