E-Mail:
Get our new Windows 7 eBook (PDF) for $7 with 70+ Tips. Download Now!

No Such Thing As A Secure Browser

Thursday, March 19th, 2009
by Ron Schenone

No matter how many patches, fixes, updates, revisions or who the maker is, once again it has been proven no browser is totally secure. At the CanSecWest security conference hackers made toast out of Safari, Firefox and Internet Explorer 8 in a matter of seconds. Contest winners easily took home the prizes as the browsers toppled with ease.

According to a ZDNet article it stated this:

VANCOUVER, BC — Charlie Miller has done it again.  For the second consecutive year, the security researcher hacked into a fully patched MacBook computer by exploiting a security vulnerability in Apple’s Safari browser.

“It took a couple of seconds.  They clicked on the link and I took control of the machine,” Miller said moments after his accomplishment.

The contest kicked off at exactly 3:15 PM and, within seconds, Miller launched his drive-by attack and claimed the $10,000 top prize.  He also got to keep the MacBook machine.

Miller said he came to the CanSecWest security conference with a plan to hack into Safari and had tested the exploit carefully to ensure “it worked the first time.”

TippingPoint’s Zero Day Initiative has acquired the exclusive rights to the vulnerability and coordinate the disclosure and patch release process with Apple.

Technical details of the vulnerability will not be released until a patch is ready.

Next to fall was Firefox and IE8:

A security researcher named “Nils” (he declined to provide his full name) performed a clean drive-by download attack against the world’s most widely used browser to take full control of a Sony Vaio machine running Windows 7.

He won a cash prize and got to keep the hardware.  Details of the vulnerability, which was described by contest sponsor TippingPoint ZDI as a “brilliant IE8 bug!” are being kept under wraps.

Several members of Microsoft’s security response team were on hand to witness the successful exploit.

“Nils” also scored a clean hit against Apple’s Safari (he was the second hacker to exploit Safari) and, later in the afternoon, he exploited a Firefox zero-day flaw to claim the trifecta.

I seriously doubt any of us will see a secure browser or secure OS in our lifetimes. There are just way to many smart folks who can break into any software produced by man.

Comments welcome.

Source.

Tags
Categories

5 Comments

No Such Thing As A Secure Browser - Firefox Blog

March 20th, 2009
at 5:26am

[...] This article is featured on the custom Firefox Blog at Auto-Blogs.us. [...]

EarRings

March 20th, 2009
at 10:00am

Maybe but they did not include Opera?

Son of a Maui Portagee

March 28th, 2009
at 10:36pm

Odd that you neglected to mention that Google’s Chrome wasn’t touched:

http://arstechnica.com/tech-policy/news/2009/03/week-in-review-chrome-is-shinier-than-your-browser-edition.ars

Ron Schenone

March 29th, 2009
at 5:56pm

I covered Chrome after this article.http://www.lockergnome.com/blade/2009/03/24/googles-chrome-the-best-browser-against-hackers-yes/

Son of a Maui Portagee

April 8th, 2009
at 2:13pm

That’s good. But since both articles together complete your CanSecWest coverage shouldn’t there be some cross referencing links between the two?

What Do You Think?

 

Posted Recently

Attention Facebook Users - Don’t Click da’ Button Baby!

Dell Still Having Problems - Shares Plummet - Losing Marketshare

eBay Web Glitch Renders Site Unuseable

Microsoft Seeks Partners To Fight Against The Google Empire

Tronix Country - Another BlueHippo? You Decide

Is Google Going To Reinvent The Netbook Or Just Improve On The User Experience?

The Next Tweet You Receive Could Be An Advertisement

I’m A Jerk And I Steal From Others - I Don’t Think So!

Canonical [Ubuntu] + Google = Working Together To Bring More Choice To The Consumer

HDTVs - Both LCD & Plasma Popular - But What Happened To DLP?

Google Chromium OS - It Is For Real! And It Is Linux!

AOL To Employees: Raise Your Hand If You Would Like To ‘Volunteer’ Or Be Fired!

Dell Closing Down North Carolina Facility - 1400 To Lose Their Jobs

California Passes First Standards For Energy Thirsty Televisions

MS Office 2010 Beta - Refusal To Install After Using MS Office 2010 Technical Preview

Microsoft Office 2010 Beta Available For Public Download

Diskeeper Professional 2010 - First Look - Reviewed

Don’t Become A Victim Of Web Loyalty Or Coupon Saving Scams

Notebook Reliability - Asus The Best And HP The Worst - What Do You Think?

Verizon To AT&T: The Truth Hurts - Our 3G Coverage Is Better Than Yours!

Question For You: What Is The Best Tutorial, Manual, Or Book For Windows 7 Users?

48% Would Pay For Online News While 80% Would Not - Say What?

Russia Bans Modern Warfare 2 - Recalls All Copies

Walmart - This Holiday Season Will Be Flat For Sales

Sezmi - Will This Service Replace Your Cable Or Satellite Company?

Asus And Toshiba Could Merge And Become The #3 PC Maker

Food Companies Really Like Blogging Moms

FTC To BlueHippo: You Have Duped 35,000 Consumers And That Is Enough!

Security Updates As Of November 15, 2009

Google vs. Murdoch - Once Again The Plot Thickens

Best Buy Black Friday Desktop Computer Sale With Printer All For $299

The Google Puzzle - More Pieces Coming Our Way - Maybe Even An OS Within A Week?

CompUSA & Circuit City Are Being Resurrected From The Dead

Can We Accurately Compare XP, Vista and Windows 7 When It Comes To Performance?

Can You Trust The Windows 7 Compatibility Report When Doing An Upgrade?

How Long Does It Take To Upgrade Windows 7 From One Version To Another? How About 10 Minutes

AMD Gets $1.25 Billion From Intel - Settlement Ends Years Of Litigation

Thinking Of Buying A Blu-ray Player? Read This First

Westinghouse 32″ LCD - HDTV 720p For $246? Target Will Have It On Black Friday

Windows 7 Was ‘Inspired By Mac’? No, No Says Microsoft!

45 queries / 0.795 seconds.