Hacking contest to break the security system internet browser and mobile devices called Pwn2Own that lasted as the CanSecWest conference in Vancouver, Canada, 9-11 March 2011, has ended. As a result, a browser made by Google and Chrome 9 Mozilla Firefox 3.6 that is not broken. While 5 of Apple’s Safari and Internet Explorer 8 Microsoft’s submission on the first day.
“I love Pwn2Own! Safari and IE8 broken on the first day, but not with Chrome,” writes Matt Cutts, head of Google’s web spam team, in your Twitter account when the first contest day is complete. The hope lasted until the contest ends since Chrome was nevertheless successfully penetrated.
This is Google’s goal to maintain the record for browsers that do not easily penetrated. For two consecutive years in the same contest, Chrome proved to be the only browser that can not be penetrated by hackers. However, this year Firefox 3.6 was no less safe and for the first time failed uprooted.
“Whew, Firefox survive in # pwn2own 2011. This is not a big success, but I am still glad to hear it,” said Brendan Eich, CTO of Mozilla, on his Twitter account to comment on such good news. Do not forget, Mozilla boss was also congratulated the team of Google Chrome through the next tweet.
The same praise delivered Google to the Mozilla team. “The two browsers that survive are both open source, have a rewards program, have the inherent security team, better and faster improvement. Coincidence?” writes Chris Evans, an engineer in Chrome security team.
In addition to challenging the hackers to penetrate the security your Internet browser, Pwn2Own also challenges participants through a mobile device operating system. IOS on the iPhone 4 and BlackBerry Torch successfully penetrated, but the Android and Windows 7 Phone survive.
Not unexpectedly made by Apple’s Safari browser and Microsoft’s Internet Explorer 8 have the same fate. Successfully uprooted hackers on the first day Pwn2Own contest that was held as part of the CanSecWest security technology conference in Vancouver, Canada, 9-11 March 2011.
Researchers from the company’s security system Vupen, France became the first team to successfully break through the Safari 5. Even according to the software version numbers, they do it in just five seconds. No kidding who uprooted the 64-bit versions of browsers running on Mac OS X Snow Leopard on the MacBook and is patched massive advance.
Co-founder Vupen, Charouki Bekrar, and two members of his team worked hard for two weeks to find a weakness in Safari 5. They found him on the Webkit, the open source-based rendering engine used by the browser. They successfully exploit the weaknesses and went through the system via the ASLR (address space layout randomization) and DEP (Data Execution Prevention), two security features specifically designed to prevent malicious programs infiltrate.
In fact, the team has made a special program for infiltrated through the hole weaknesses. These programs enable the calculator and infect a computer to take full access. “Victims who visit a website, he will get caught. Without the necessary interaction whatsoever,” said Bekrar.
While IE8 security researchers solved the challenge of Ireland Stephen Fewer. He successfully break through the browser is running on 64 bit versions of Windows 7. To penetrate the security system IE8, Fewer found three weaknesses, two of whom were already anticipated from the beginning to exploit. With two weaknesses through it, he managed to find a third weakness to break through Protected Mode sandbox so it can access the system in full operation. As Vupen, he also successfully infiltrated by hacking into DEP and ASLR in Windows 7.
For its success, Vupen carrying U.S. $ 15,000 and 13-inch MacBook Air computer that ditaklukannya. Fewer while also entitled to steal a prize of U.S. $ 15,000 and a Sony Vaio computer that had taken over his system.
According to the rules of the contest, all that successful exploitation techniques to penetrate these weaknesses will not be published. The organizers provide the data to TioipingPoint as the sponsor. Further info will be given to each vendor to give a chance to patch or repair up to 6 months before revealed to the public.
The contest took place on the second day. However, other browsers, Chrome 9 and Firefox 3.6 failed uprooted any participant. Meanwhile, for the contest of mobile devices, iPhone 4 and BlackBerry Torch also successfully conquered. While Android and Windows 7 Phone survived in Pwn2Own 2011.