Hacker Cracks Recently Released IE8 Final
Article by George Norman
On 20 Mar 2009
It is not just the recently released Internet Explorer 8 (IE8) that has been cracked, Mozilla’s Firefox and Apple’s Safari have succumbed as well, but the thing that drew my attention to IE8 is the fact that Steve Ballmer put a great deal of emphasis on how secure this latest version of the Microsoft develop browser really is.

“Customers have made clear what they want in a Web browser — safety, speed and greater ease of use. With Internet Explorer 8, we are delivering a browser that gets people to the information they need, fast, and provides protection that no other browser can match,” said Microsoft CEO, Steve Ballmer a while back.


The good news is that all this hacking business occurred at the PWN2OWN competition and it was done right in front of Microsoft representatives. A computer science student from Germany (we only know his first name: Nils) was presented with a Sony laptop running on a “recent Microsoft internal build” of Windows 7 which had Internet Explorer 8, Firefox and Chrome installed on it. He managed to successfully hack it by defeating IE8’s built in DEP (Data Execution Prevention) as well as ASLR (Address Space Layout Randomization) security features.

Terri Forslof, manager of security response at 3Com's TippingPoint, sponsor of the PWN2OWN contest comments: “This is the awesome part of PWN2OWN. Microsoft got to stand there and watch it happen. They were right at ground zero. It was important for Microsoft to see that bug right away. They took it back to Microsoft and filed a bug. That's a real success story. Microsoft had the opportunity to talk directly with Nils about the bug, and within five hours they had it reproduced in their labs.”

For his accomplishment, Neils received a $5,000 reward, but by the end of the day he had managed to triple his earnings by hacking into Firefox and Safari (for each successfully hacked browser he received an additional $5,000). On top of that, he also received a Sony Vaio P series laptop. Not bad for a day’s work you might say, but keep in mind that by accepting these cash rewards he has actually sold the vulnerabilities and rights to exploit them to TippingPoint.

Terri Forslof again: “It was insane compared to last year. Nils hit the IE8 vulnerability and everybody thought that was it. Then he comes back and says 'Do you mind if I try my Safari vulnerability? Oh, and by the way, I also have a Firefox bug'. After just two hours, we had four browser vulnerabilities and we'd paid out $20,000.”

The additional $5,000 were paid to Charlie Miller, the defending champion of 2008’s PWN2OWN (when only 2 vulnerabilities were uncovered). Charlie Miller was presented with a Macbook which had Safari and Firefox installed on it – in no time at all he successfully exploited a Safari vulnerability thus winning the $5,000 prize and the Macbook.

“Charlie Miller got the luck of the draw, and had the first time slot for the browser competition. His target- Safari on Mac OS X. Before I could even pull my camera out, it was over within 2 minutes- and Charlie (coincidentally also last year's first winner of the day) is now the proud owner of yet another MacBook, and $5,000 from the Zero Day Initiative,” said Forslof.

The only browser that was left intact at the PWN2OWN competition was Google’s Chrome, version 2.0 of which recently hit Beta (Chrome 2.0 Beta) and which is attempting to become more popular thanks to Chrome Experiments.

Tags: Internet Exporer 8, Safari, Firefox, Chrome, PWN2OWN
About the author: George Norman
George is a news editor.
You can follow him on Google+, Facebook or Twitter

I Hope you LIKE this blog post! Thank you!
What do YOU have to say about this
blog comments powered by Disqus
Popular News
By George Norman on 17 Aug 2017
With the blockbuster movie season upon us, Sony decided to celebrate the occasion with a sale: the Attack of the Blockbusters Sale that offers discounts of up to 50% (60% if you’re a PlayStation Plus member) on a ton of PS4 video games.
By George Norman on 17 Aug 2017
Samsung’s new T5 portable solid-state drive (PSSD) uses the latest 64-layer V-NAND technology, offers between 250GB and 2TB of storage capacity, has a lightweight and shock-resistant design that’s smaller than the average business card, and delivers industry-leading transfer speeds of up to 540 MB/s.
Related News
Sponsored Links
Hot Software Updates
Top Downloads
Become A Fan!
Link To Us!
Hacker Cracks Recently Released IE8 Final
HTML Linking Code