
IE8, Safari 4, Firefox 3, iPhone fall on day 1 of Pwn2Own - pavs
http://arstechnica.com/security/news/2010/03/ie8-safari4-firefox3-iphone-fall-on-day-1-of-pwn2own.ars
======
yan
FYI, here's a write up on the IE8 exploit:
[http://vreugdenhilresearch.nl/Pwn2Own-2010-Windows7-Internet...](http://vreugdenhilresearch.nl/Pwn2Own-2010-Windows7-InternetExplorer8.pdf)

------
teilo
It has been a very long time since I have seen a news article on the browser
vs. browser security wars. That is a good thing. Competitions like this do the
world a service by demonstrating that there is not, and in all probability
never will be any such thing as a browser that is truly secure. Well - maybe
"telnet {$addr} 80".

~~~
mos1
_maybe "telnet {$addr} 80"._

 _Summary: The Telnet service in Microsoft Windows 2000 SP4, XP SP2 and SP3,
Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows
remote Telnet servers to execute arbitrary code on a client machine by
replaying the NTLM credentials of a client user, aka "Telnet Credential
Reflection Vulnerability," a related issue to CVE-2000-0834. Published:
08/12/2009_

or maybe not ;-)

~~~
pmjordan
I'm pretty sure "The Telnet service" refers to the telnet server, not the
telnet command (client). It does seem feasible that you could overflow a
buffer or affect the terminal window by causing telnet to output special
control characters, etc. of course.

------
kvs
Too bad no one went after Chrome. Perhaps prize money should be in proportion
to difficulty of compromise from previous years. Otherwise, it seems like
everyone is grabbing the low hanging fruits-- relatively speaking of course.
(None of these exploits are "low hanging" in the traditional sense of
exploits)

~~~
fnid2
If Chrome uses WebKit, I would expect vulnerabilities there to affect Chrome
as well.

~~~
cookiecaper
WebKit browsers do not necessarily share vulnerabilities. Chrome utilizes a
unique tabs-and-plugins-as-processes model that makes exploitation and
security in Chrome a whole different ball game.

WebKit is a library for rendering the web. There is more to a modern browser
than that. One of Chrome's major features is its independent process model,
and it does a lot to mitigate attacks. All of the browsers will have to switch
to something like it eventually.

------
TNO
Why are there no attempts on a current release of Firefox? It's not like Fx 3.6
is brand new. Plus, where's Opera?

~~~
GHFigs
According to the organizers, the latest versions of all browsers are used.
<http://dvlabs.tippingpoint.com/blog/2010/02/15/pwn2own-2010>

------
ZeroGravitas
I hope I'm wrong about this, but surely this media circus just prompts
security researchers to keep quiet about flaws they find? Why are we rewarding
them with fawning coverage when they've put us all at risk by not disclosing
these issues to the browser vendors?

~~~
slyn
Second paragraph FTA: "So far, little is known about the successful exploits.
Until vendors have been informed of the flaws and those flaws have been
patched, details will not be made public."

~~~
ZeroGravitas
Yes, but how long have the researchers themselves known about these flaws? All
that time an actual villain could have discovered the same flaw and exploited
it. But instead weeks or months have gone by and for what benefit?

------
houseabsolute
Notably absent from this list . . .

