Free Republic

Pwn2Own: Down go all the browsers
ZDNet | 3/8/13 | Steven J. Vaughan-Nichols

Posted on 03/08/2013 7:25:20 AM PST by illiac

Summary: In the first day of the Pwn2Own cracking contest, Microsoft's Internet Explorer 10, Google's Chrome and Mozilla's Firefox web browsers have all gone down in flames.

By Steven J. Vaughan-Nichols for Networking | March 7, 2013 -- 18:20 GMT (10:20 PST)

In the eternal war between crackers and security professionals, the hackers have won the latest battle. In ZDI's Pwn2Own hacker competition, one browser after another fell. At the CanSecWest conference in Vancouver, Canada, the HP Zero Day Initiative's (ZDI) annual Pwn2Own competition has ended its first day of competition and Microsoft's Internet Explorer (IE) 10, Google's Chrome and Mozilla's Firefox Web browsers have all been cracked. In addition, Java -- can anyone be surprised at this? -- was also cracked multiple times.

Vupen Security, the French security and hacking company, cracked IE 10. Vupen reported, via Twitter, that they "pwned MS Surface Pro with two IE10 zero-days to achieve a full Windows 8 compromise with sandbox bypass."

Mind you, no one else had anything to boast about on this day. Google, which had just fixed numerous security bugs in the Chrome Web browser prior to Pwn2Own, saw Chrome go down as well. MWR Labs, a branch of UK-based MWR InfoSecurity, took down Chrome 25 on Windows 7 by exploiting multiple "zero-day," or unpatched, browser vulnerabilities.

(Excerpt) Read more at zdnet.com ...


TOPICS: Chit/Chat; Computers/Internet; Science
KEYWORDS: browsers; computers
No more safe browsing???
1 posted on 03/08/2013 7:25:20 AM PST by illiac

To: illiac
Nothing is safe from evil doers.

They'll do evil no matter to whom, when or where .. they just love evil.

Our hope is built on nothing less than Jesus and His righteousness.

2 posted on 03/08/2013 7:34:05 AM PST by knarf (I say things that are true ... I have no proof ... but they're true)

To: illiac

Visit only reputable web sites run by reputable companies. Explore new web sites based upon reviews that you trust.


3 posted on 03/08/2013 7:34:10 AM PST by sefarkas (Why vote Democrat Lite?)

To: illiac

Only reasonably safe browsing is either from a sandbox, a VM environment you don’t care about infecting (always rollback), or a Linux OS. And of course all while using a hardware and software firewall with proper rules in place.


4 posted on 03/08/2013 7:37:40 AM PST by miliantnutcase

To: illiac

Ya pays yer money and ya takes ya chances.


5 posted on 03/08/2013 7:42:41 AM PST by spel_grammer_an_punct_polise (Learn three chords and you, too, can be a Rock Star!)

To: illiac

6 posted on 03/08/2013 7:43:51 AM PST by shove_it (Long ago Huxley, Orwell and Rand warned us about 0banana's USA.)

To: rdb3; Calvinist_Dark_Lord; Salo; JosephW; Only1choice____Freedom; amigatec; stylin_geek; ...

7 posted on 03/08/2013 7:45:04 AM PST by ShadowAce (Linux -- The Ultimate Windows Service Pack)

To: ShadowAce
Here's a tech question:

Last night I posted an image of Keira Knightley that I had found using Bing.

About an hour later that image was gone.......and had been replaced by a bawdy (indeed almost obscene) photo of a completely different woman.

How could that happen?

8 posted on 03/08/2013 7:49:39 AM PST by BenLurkin (This is not a statement of fact. It is either opinion or satire; or both)

To: BenLurkin

You can’t trust MS.


9 posted on 03/08/2013 7:50:43 AM PST by ShadowAce (Linux -- The Ultimate Windows Service Pack)

To: ShadowAce

Wait a minute.

We can’t even edit our own posts on FR. How could someone else get in and change the img src link?


10 posted on 03/08/2013 7:52:40 AM PST by BenLurkin (This is not a statement of fact. It is either opinion or satire; or both)

To: illiac

LIKE THERE EVER WAS?......The castle always loses........


11 posted on 03/08/2013 7:55:12 AM PST by Red Badger (Lincoln freed the slaves. Obama just got them ALL back......................)

To: BenLurkin
They didn't. The source changed the pic at that link.

When you post a picture, all you really do is post a direction, or an address, to what you believe is the picture you want to appear.

If the source, or the host computer, decides to change what picture goes in what location, then your picture on FR changes.

12 posted on 03/08/2013 7:55:33 AM PST by ShadowAce (Linux -- The Ultimate Windows Service Pack)

To: BenLurkin

They changed it on the other end. That “img src” link you put up referenced a specific picture on someone else’s site. That person didn’t like you linking to their resources so they changed the picture on their end.


13 posted on 03/08/2013 7:56:23 AM PST by JenB

To: BenLurkin

Probably the owner of that image noticed that you were stealing their bandwidth by using the image they were hosting. And then they can deliver whatever image they want when the browser requests Keira. It’s possible they have an automatic mechanism for detecting such abuse and replacing it with the bawdy image.

TL;DR You should have saved the image, uploaded it to say imgur and then used that image. Unless you’re very sure the owner doesn’t mind us using a bit o his bandwidth.


14 posted on 03/08/2013 7:58:03 AM PST by MetaThought

To: BenLurkin

Some websites do not like hotlinking to their images. Their admins will intercept your hotlink and re-direct it to ‘usually’ a terse message that says ‘don’t do that anymore’. Some replace the message with a nasty pic that will get you in trouble with your friends and family, especially your mother..........


15 posted on 03/08/2013 7:58:18 AM PST by Red Badger (Lincoln freed the slaves. Obama just got them ALL back......................)
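
The mechanism posts 12 through 15 describe, as an added example that is not part of the original thread or any site's actual code: an image host decides per request, from the Referer header, whether to return the requested file or a substitute. The hostnames, paths and policy flag are constructed for illustration.

```python
# Added illustration; hostnames, paths and policy are constructed, not from any real site.
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"images.example"}           # the image host's own site (hypothetical)
PLACEHOLDER = "/static/no-hotlinking.png"    # what third-party embeds receive (hypothetical)


def referer_host(referer):
    """Return the lower-cased hostname from a Referer header, or None if absent/unparseable."""
    if not referer:
        return None
    try:
        host = urlsplit(referer.strip()).hostname
    except ValueError:  # e.g. malformed bracketed host
        return None
    return host.lower() if host else None


def is_allowed(host):
    """Exact match or a true subdomain of an allowed host (not a look-alike suffix)."""
    return any(host == a or host.endswith("." + a) for a in ALLOWED_HOSTS)


def select_image(requested_path, referer, allow_missing_referer=True):
    """Decide which file the image host returns for one request.

    The URL in the embedding page never changes; only the bytes served do.
    """
    host = referer_host(referer)
    if host is None:
        # Direct visits and privacy tools send no Referer; many hosts let these through.
        return requested_path if allow_missing_referer else PLACEHOLDER
    return requested_path if is_allowed(host) else PLACEHOLDER


if __name__ == "__main__":
    # Constructed requests: (Referer header, description)
    samples = [
        ("https://images.example/gallery", "host's own page"),
        ("http://forum.example/thread/123", "third-party forum embed"),
        (None, "image opened directly"),
        ("https://notimages.example/", "look-alike suffix"),
    ]
    for ref, note in samples:
        print(f"{note:26} -> {select_image('/photos/actress.jpg', ref)}")
```

For the embedding site, the takeaway is that a remote `img src` is only as stable as the host's policy; re-hosting a saved copy, as post 14 suggests, removes that dependency.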

To: BenLurkin
Did you post the link? If you just posted the link then it is very easy for someone to put some other picture at that link.

Take two photos stored on your hard drive and swap their names. This is probably what happened.

16 posted on 03/08/2013 7:58:52 AM PST by who_would_fardels_bear

To: illiac

17 posted on 03/08/2013 8:01:26 AM PST by relictele

To: illiac
Vupen Security, the French security and hacking company, cracked IE 10

As easy as dropping an egg on a tile floor I would think.

18 posted on 03/08/2013 8:02:08 AM PST by relictele

To: Red Badger

So true...I’ve used several, even with firewalls...

They can still hack it if they want to....


19 posted on 03/08/2013 8:05:02 AM PST by illiac (If we don't change directions soon, we'll get where we're going)

To: BenLurkin

Someone just took a new image and gave it the same name as your old image and copied it to the same place.

So, when someone’s web browser brought up the image (with the same name) the contents of that file were the new image.


20 posted on 03/08/2013 8:06:01 AM PST by Mr. K (There are lies, damned lies, statistics, and democrat talking points.)

To: illiac
A good example of how adding features that appeal to large numbers of end users, and flashy visual designs, are more important to software vendors than security. The market for browsers demands new features, not security, so that is what we get.

It is certainly possible to write browsers that are nearly impossible to attack, but there is little market for them.

21 posted on 03/08/2013 8:24:11 AM PST by freeandfreezing

To: BenLurkin
Where was the image actually stored?
22 posted on 03/08/2013 9:35:41 AM PST by Ernest_at_the_Beach ((The Global Warming Hoax was a Criminal Act....where is Al Gore?))

To: illiac
Firefox 19.0.2 was released less than 24 hours after this announcement to fix this flaw.

Pretty fast.

23 posted on 03/08/2013 11:23:07 AM PST by ShadowAce (Linux -- The Ultimate Windows Service Pack)

To: Ernest_at_the_Beach

I have no idea. Found it using Bing.


24 posted on 03/08/2013 12:07:31 PM PST by BenLurkin (This is not a statement of fact. It is either opinion or satire; or both)

To: illiac

No way...Impossible for OSX to go down. At least that’s what we’ve been told by the macbots and Apple zealots.

Of course they were saying that even after OSX was the first to lose 3 years in a row!

Oh well, whoever takes security advice from a macbot is an idiot anyway.


25 posted on 03/09/2013 12:30:51 PM PST by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)

To: illiac

Odd this year they didn’t test Safari?

Also it’s amazing that they are saying Adobe is the most secure platform this year! Wow they have really turned it around.


26 posted on 03/09/2013 12:34:30 PM PST by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.
