Andre Yoskowitz
25 Mar 2010 16:47
At this week's Pwn2Own hacking contest, the iPhone, Safari, Internet Explorer 8 and Firefox browsers were all taken down within minutes.
Vincenzo Iozzo and Ralf-Philipp Weinmann took down the iPhone browser in under five minutes, and left with $15,000 in prize money. Weinmann is most notorious for being part of a team that cracked WEP Wi-Fi security in 2007, faster than was previously recorded.
Charlie Miller of Independent Security Evaluators took down Safari for the third year in a row, leaving with $10,000 in cash as a prize.
The most impressive exploit came from Peter Vreugdenhil who took down IE8 on Windows 7 by "bypassing the operating system's Data Execution Prevention, or DEP, security mechanism, which is designed to stop most attacks." Vreugdenhil earned the same prize as Miller. German student "Nils" took down Firefox on Windows 7 within minutes as well, earning $10k.
TippingPoint, the company that runs the contest, does not divulge the details of the flaws that are used to exploit the browsers but instead purchases the rights to the exploits and then turns it over to the companies behind the browsers.
The only browser remaining unscathed after day one and day two was Google Chrome.