Feeds

Making sport of browser security, hackers topple IE, Safari

Once again

Top 5 reasons to deploy VMware with Tegile

Microsoft not left out of the carnage

Not to be left out, IE was equally devastated. Steven Fewer, an independent security researcher and principle of security consultancy Harmony Security, said he also exploited a use-after-free bug in the browser. Microsoft has fortified IE with a security sandbox that isolates it from more sensitive parts of the operating system, so Fewer had to exploit a design flaw in to break out.

“The (sandbox) escape I found was pretty easy, to be honest,” he said. “Surprisingly so.”

In all, he said it took him about six weeks of full-time research to find the bugs and write working exploits for them.

As the contest commenced, there were four contestants signed up to attack Safari, three to attack IE and just one to attack Chrome, which in addition to the $15,000 prize awarded by Pwn2Own sponsor Tipping Point, also fetched $20,000 from Google. The contestant never showed.

Day Two of the contest will turn its attention to smartphone security, with $15,000 prizes to the first person who successfully commandeers a Dell Venue Pro running Windows 7 Mobile, an iPhone 4, a BlackBerry Torch 9800, and a Nexus S running Google's Android. All four platforms have multiple contestants signed up to attack them, although Android hacker Jon Oberheide recently dropped out after killing his own Android vulnerability.

George Hotz, the prolific hacker and jailbreaker who goes by the moniker GeoHot, has also dropped out, evidently because Sony, which is waging a no-hold-barred legal fight against him for unlocking the PlayStation 3 game console, has given him much more pressing things to attend to.

The contest runs through Friday at the CanSecWest security conference in Vancouver. ®

Remote control for virtualized desktops

More from The Register

next story
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
Mozilla, EFF, Cisco back free-as-in-FREE-BEER SSL cert authority
Let’s Encrypt to give HTTPS-everywhere a boost in 2015
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
Meet OneRNG: a fully-open entropy generator for a paranoid age
Kiwis to seek random investors for crowd-funded randomiser
Got an iPhone or iPad? LOOK OUT for MASQUE-D INTRUDERS
UNjailbroken iOS 7, 8 open to evil, says secbiz FireEye
USB coding anarchy: Consider all sticks licked
Thumb drive design ruled by almighty buck
Attack reveals 81 percent of Tor users but admins call for calm
Cisco Netflow a handy tool for cheapskate attackers
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Simplify SSL certificate management across the enterprise
Simple steps to take control of SSL across the enterprise, and recommendations for a management platform for full visibility and single-point of control for these Certificates.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.