Tuesday, March 24, 2009

Last browser standing.

It's about more than fame and glory: at the three-day Pwn2Own competition, hackers try to crack the latest web browsers and mobile phones. Those who succeed win money and gadgets. In the end, only one browser withstood the hackers' attacks.

 


Safari was the first to fall. It took only a few seconds for Charlie Miller to subdue the Apple browser. But Miller was well prepared. He had announced his intention a month earlier and had his hacking software ready. There is a simple reason why Apple failed during that time to plug the security hole through which Miller intended to penetrate the browser: when he finds such a gap, Miller keeps his findings to himself.


Web browsers as a sporting target for hackers: only one held out


"Vulnerabilities have a market value. It would be pointless to take the trouble to make a gap and broke to publish his findings," says Miller to ZDNet, adding: "Apple people paid for this work, so this work must be worth something."

This is not quite the work ethic of white-hat hackers, who traditionally report their findings to the affected companies and so see their hacks as a contribution to the security of the IT world. Indirectly, however, Miller does the same; he just does not want to do it for free.

It is particularly rewarding to use such vulnerabilities to take part in the Pwn2Own hacking competition, which takes place annually as part of the CanSecWest security conference. Participants can win three times over. For one, the winner is assured of fame and honor; for another, cash prizes beckon. And finally, if successful, you may also take home the device you hacked. Just like Charlie Miller, who this year came by a brand-new MacBook this way for the second time, and pocketed an additional $5,000 in prize money.


All phones remained steadfast


What one had to do to earn a new gadget this way was defined in advance by the competition organizers. Who could demonstrate their skills, when and in what order, was decided by a lottery drum. Pole position brought an advantage, because only the first to clear a hurdle was handed both equipment and money. Subsequent successful attempts were rewarded only with mere money. But even that was worth it. For each computer security hole exposed there was $5,000; disclosed security vulnerabilities on mobile phones were to be paid with $10,000.

But it never came to that. For three days, mobile phone specialists toiled away at the phones. A total of five different devices were available to the hackers: a BlackBerry, a T-Mobile G1, an iPhone, a Nokia N95 and an HTC Touch. But none of the programmers succeeded in cracking one. In the end they all had to go home with their old mobile phones and without extra holiday money. The mobile phone manufacturers could pat themselves on the back.

Whether it stays that way, however, is questionable. Apparently there were only a few serious attempts this year to get at the mobile phones. That could look quite different next year, once word of the competition, and especially the prize money, has got around in the scene.


IE8 was finished off before its release


Among PC hackers, on the other hand, word has long since spread that taking part in Pwn2Own can pay off. On a Windows machine, the task was to overcome the security mechanisms of the supposedly especially secure Internet Explorer 8, Firefox and Chrome; on the Mac, Safari and Firefox were on offer. At the end of the competition the score was 4:0 for the hackers. All browsers except Google's Chrome were holed, and through each of them the participants managed to take control of the computer.

One of these holes could also be applied to Chrome. But because Google's browser interacts with the PC's operating system in a special way, the hackers were unable to capture the whole PC this way. Things looked quite different for the new Microsoft browser: a hacker finished off IE8 before its official release.


It was worth it


The specialist, who goes simply by the name Nils, walked with ease past Microsoft's new security mechanisms DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization) and in this way gained access to the Vaio laptop, which he was also allowed to keep. Still, Microsoft's experts responded immediately and plugged the hole Nils had used within twelve hours, a record-breaking response. Apparently Redmond was prepared.

But the winner of the day remained Nils. Shortly after he had cracked IE8, he went on to take on the Windows versions of Firefox and Safari as well, with success. So at the end of the day he could take away not only a new notebook but also $15,000. Let no one say that hacking for the good guys does not pay.
