Security competition reveals new browser flaws

By Tracey Capen

CanSecWest 2010’s hacker competition results in public defeat for Apple’s iPhone and three of the leading Internet browsers.

Apple, Microsoft, and other vendors are certain to release patches in the next few months for these holes, but what’s a user to do in the meantime?

Security conferences offer forums for top security specialists to share the latest malware threats and defenses. But CanSecWest’s (Canadian Security West) most popular event is Pwn2Own, a competition for white-hat hackers. The winner is the first contestant to defeat a browser’s defenses and take over a personal computer. This year’s Pwn2Own included smart phones for the first time.

The most interesting revelations at this beat-the-browser match were the contestants’ ability to circumvent Microsoft’s Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP) security controls and their success in hacking Apple’s immensely popular iPhone.

Ironically, the competition has another aspect pre-eminent with malware authors — money. In addition to bragging rights, winning this year’s Pwn2Own included $100,000 in prize money put up by security company TippingPoint.

About Tracey Capen

Editor in chief Tracey Capen was the executive editor of reviews at PC World magazine for 10 years, from 1995 to 2005. He was InfoWorld's managing editor of reviews from 1993 to 1995 and worked in the magazine's test center and as networking editor from 1989 to 1992. Between his stints at InfoWorld, he was senior labs editor at Corporate Computing magazine.