Pwn2Own: Down go all the browsers
Posted on 03/08/2013 7:25:20 AM PST by illiac
Summary: In the first day of the Pwn2Own cracking contest, Microsoft's Internet Explorer 10, Google's Chrome and Mozilla's Firefox web browsers have all gone down in flames.
By Steven J. Vaughan-Nichols for Networking | March 7, 2013 -- 18:20 GMT (10:20 PST)
In the eternal war between crackers and security professionals, the hackers have won the latest battle. In ZDI's Pwn2Own hacker competition one browser after another fell. At the CanSecWest conference in Vancouver, Canada, the HP Zero Day Initiative's (ZDI) annual Pwn2Own competition has ended its first day of competition and Microsoft's Internet Explorer (IE) 10, Google's Chrome and Mozilla's Firefox Web browsers have all been cracked. In addition, Java--can anyone be surprised at this?--was also cracked multiple times.
Vupen Security, the French security and hacking company, cracked IE 10. Vupen reported, via Twitter, that they "pwned MS Surface Pro with two IE10 zero-days to achieve a full Windows 8 compromise with sandbox bypass."
Mind you, no one else had anything to boast about on this day. Google, which had just fixed numerous security bugs in the Chrome Web browser prior to Pwn2Own, saw Chrome go down as well. MWR Labs, a branch of UK-based MWR InfoSecurity, took down Chrome 25 on Windows 7 by exploiting multiple "zero-day," or unpatched, browser vulnerabilities.
(Excerpt) Read more at zdnet.com ...
They'll do evil no matter to whom, when or where .. they just love evil.
Our hope is built on nothing less than Jesus and His righteousness.
Visit only reputable web sites run by reputable companies. Explore new web sites based upon reviews that you trust.
Only reasonably safe browsing is either from a sandbox, a VM environment you don’t care about infecting (always rollback), or a Linux OS. And of course all while using a hardware and software firewall with proper rules in place.
Ya pays yer money and ya takes ya chances.
Last night I posted an image of Keira Knightley that I had found using Bing.
About an hour later that image was gone.......and had been replaced by a bawdy (indeed almost obscene) photo of a completely different woman.
How could that happen?
You can’t trust MS.
Wait a minute.
We can’t even edit our own posts on FR. How could someone else get in and change the img src link?
LIKE THERE EVER WAS?......The castle always loses........
When you post a picture, all you really do is post a direction, or an address, to what you believe is the picture you want to appear.
If the source, or the host computer, decides to change what picture goes in what location, then your picture on FR changes.
They changed it on the other end. That “img src” link you put up referenced a specific picture on someone else’s site. That person didn’t like you linking to their resources so they changed the picture on their end.
Probably the owner of that image noticed that you were stealing their bandwidth by using the image they were hosting. And then they can deliver whatever image they want when the browser requests Keira. It’s possible they have an automatic mechanism for detecting such abuse and replacing it with the bawdy image.
TL;DR You should have saved the image, uploaded it to say imgur and then used that image. Unless you’re very sure the owner doesn’t mind us using a bit o his bandwidth.
Some websites do not like hotlinking to their images. Their admins will intercept your hotlink and re-direct it to ‘usually’ a terse message that says ‘don’t do that anymore’. Some replace the message with a nasty pic that will get you in trouble with your friends and family, especially your mother..........
Take two photos stored on your hard drive and swap their names. This is probably what happened.
As easy as dropping an egg on a tile floor I would think.
So true...I’ve used several, even with firewalls...
They can still hack it if they want to....
Someone just took a new image and gave it the same name as your old image and copied it to the same place.
So, when someone’s web browser brought up the image (with the same name) the contents of that file were the new image.
It is certainly possible to write browsers that are nearly impossible to attack, but there is little market for them.
I have no idea. Found it using Bing.
No way...Impossible for OSX to go down. At least that’s what we’ve been told by the macbots and Apple zealots.
Of course they were saying that even after OSX was the first to lose 3 years in a row!
Oh well, who ever takes security advice from a macbot is an idiot anyway.
Odd this year they didn’t test Safari?
Also it’s amazing that they are saying Adobe is the most secure platform this year! Wow they have really turned it around.