A very interesting article written by Brian Prince, a contributing writer for Dark Reading.
The results from the annual Pwn2Own hacking contest are in, and the score is as follows: hackers one, software zero.
During the past two days, security researchers pwned Microsoft Internet Explorer 10, Google Chrome, and Mozilla Firefox at the competition, which was held at this week’s CanSecWest Applied Security conference in Vancouver. Besides the browsers, this year’s researchers also successfully compromised Oracle Java, Adobe Flash Player, and Adobe Reader. The only browser that was part of the competition that was not compromised was Apple Safari running on Mac OS X Mountain Lion.
Collectively, the researchers’ winnings totaled $480,000 in cash prizes, in addition to the hardware they compromised and ZDI awards points.
“To remind you: in the world of PWN2OWN, ‘successful attack’ means that merely by browsing to untrusted web content, you’re able to inject and run arbitrary executable code outside the browser,” blogs Paul Ducklin of Sophos. “In the real world, that means you could pull off a drive-by install, where you bypass all intended protections, preventions and pop-up warnings from the browser.”
Read the rest here.