EmailSafety.net - Researcher hacks just-launched IE8

Researcher hacks just-launched IE8

Anti-Spam Software

What is Spam?

Spam Laws

Spam Facts

User Tips

Common Email Scams

What Are Visuses?

Virus Prevention Tips

Anti-Virus Software

Basic Tips

Recent News

Just hours before Microsoft officially launched the final code for Internet Explorer 8 (IE8), a German researcher yesterday hacked the browser during the PWN2OWN contest to win $5,000 and a Sony Viao laptop.

IE 8 released, made available on Web
Researcher cracks Mac in 10 seconds at PWN2OWN, wins $5K

The researcher, a computer science student from Germany who would only give his first name, Nils, broke into the Sony within minutes by exploiting a previously-unknown vulnerability in the new browser, said , said Terri Forslof, manager of security response at 3Com's TippingPoint, the contest sponsor. The laptop was running what Forslof described as a "recent Microsoft internal build" of Windows 7.

Earlier today, Microsoft launched the final version of IE8 for Windows XP, Vista, Server 2003 and Server 2008. A final edition for Windows 7 has, however, not been released to the public.

Related Content

"It was important for Microsoft to see that bug right away," said Forslof today. "There are cases in product development where you might have a vulnerability so critical that [the vendor] makes the call to actually block the release. Microsoft needed to see that and evaluate that vulnerability."

TippingPoint purchases the vulnerabilities and the rights to the exploits when it awards cash prizes during PWN2OWN. At that point, it hands over the information to the vendor.

"This is the awesome part of PWN2OWN," said Forslof. "Microsoft got to stand there and watch it happen. They were right at ground zero." Within five minutes of Nils hacking IE8, TippingPoint had provided details and code to Mike Reavey, operations manager for the Microsoft Security Research Center (MSRC), who was at CanSecWest, the Vancouver, British Columbia security conference that hosts PWN2OWN. "They took it back to Microsoft and filed a bug," Forslof said. "That's a real success story. Microsoft had the opportunity to talk directly with Nils about the bug, and within five hours they had it reproduced in their labs."

Microsoft was unavailable for comment Thursday about the IE8 vulnerability.

IE8 wasn't the only browser Nils hacked yesterday, however. After he took down IE8, he moved on to Apple's Safari and Mozilla's Firefox, both of which he successfully exploited with attack code he had created earlier. His total for the afternoon: $15,000 in cash from TippingPoint, and the Sony.

For more enterprise computing news, visit Computerworld. Story copyright Computerworld, Inc.

Recent News:

· Feds draw a bead on Russian behind Mega-D botnet
· Ransomware Attack Resurfaces to Hold Files Hostage
· Adobe Reader X Makes PDF Files Safer
· PayPal Users Beware of Holiday Phishing Scam
· McAfee Reports Malware at All-Time High

Site Map | Recent News | Related Sites