By Susan Bradley
One of the top draws at CanSecWest, the highly regarded Canadian security conference, is the break-the-browser contest known as Pwn2Own.
So can it be coincidence that Apple, Google, and Mozilla updated their browsers just days before the contest?
Yesterday was the start of CanSecWest 2010 in Vancouver, British Columbia. This year, a U.S. $10,000 prize sponsored by TippingPoint’s Zero Day Initiative (more info) goes to each white-hat hacker who’s the first to bring down Microsoft’s Internet Explorer 8, Mozilla’s Firefox 3, Google’s Chrome 4, or Apple’s Safari 4. Smartphones are targeted in the competition, too.
At this writing, environments that failed the test included Apple’s iPhone and three different browsers: Safari, Firefox, and IE 8 (with the attacker able to circumvent IE’s vaunted Data Execution Prevention), according to the ZDI Twitter feed.
The benefits for us from the contest should be more-secure browsers — before the conference and, probably, soon after.
Zero-day threat in Firefox is now fixed
Mozilla pushed out an update to Firefox on March 22, earlier than the March 30 date originally promised.