Wednesday, May 13, 2009

CanSecWest Browser Hacking Contest - what a help

SecurityFocus article is here.

Security researcher Charlie Miller held onto a vulnerability for an entire year, before using it on Wednesday to win $5,000 and an Apple laptop at the Pwn2Own contest here at the CanSecWest conference.

I'm not sure which is less responsible: someone hanging onto a vulnerability for a year, or holding contests that encourage this kind of behavior. OK, sure, Safari isn't exactly widely deployed, so maybe the bad guys didn't also discover this and exploit it for a year.

Another individual, Nils, successfully exploited an out-of-the-box Explorer 8 on Windows 7. Given all the security features added to both, I think that's a pretty impressive feat.