
10 Lessons From The Pwn2Own Hacker Contest - r11t
http://threatpost.com/en_us/slideshow/10-Lessons-From-The-Pwn2Own-Hacker-Contest
======
rfrey
"Despite the survival of Google Chrome and the fall of Internet Explorer 8
(running on Windows 7), all the browser hackers at the contest maintained that
Microsoft's browser is by far the most difficult to exploit. For starters, IE
8 is the only browser to fully -- and properly -- implement ASLR (see
explanation from Nils)"

------
prodigal_erik
I blame reckless use of native code. Would a browser within a bounds-checked
typesafe VM have any of these flaws?

