Many browsers patched prior to hacking event

Susan bradley By Susan Bradley

One of the top draws at CanSecWest, the highly regarded Canadian security conference, is the break-the-browser contest known as Pwn2Own.

So can it be coincidence that Apple, Google, and Mozilla updated their browsers just days before the contest?

Yesterday was the start of CanSecWest 2010 in Vancouver, British Columbia. This year, a U.S. $10,000 prize sponsored by TippingPoint’s Zero Day Initiative (more info) goes to each white-hat hacker who’s the first to bring down Microsoft’s Internet Explorer 8, Mozilla’s Firefox 3, Google’s Chrome 4, or Apple’s Safari 4. Smartphones are targeted in the competition, too.

At this writing, environments that failed the test included Apple’s iPhone and three different browsers: Safari, Firefox, and IE 8 (with the attacker able to circumvent IE’s vaunted Data Execution Prevention), according to the ZDI Twitter feed.

The benefits for us from the contest should be more-secure browsers — before the conference and, probably, soon after.

Zero-day threat in Firefox is now fixed

Mozilla pushed out an update to Firefox on March 22, earlier than the March 30 date originally promised.

This article is part of our premium content. Join Now.

Already a paid subscriber? Click here to login.



= Paid content

All Windows Secrets articles posted on 2010-03-25:

Susan Bradley

About Susan Bradley

Susan Bradley is a Small Business Server and Security MVP, a title awarded by Microsoft to independent experts who do not work for the company. She's also a partner in a California CPA firm.