0

Well that didn't take long. No sooner had Microsoft officially launched Internet Explorer 8 to the waiting masses and talked up how new security features will ensure hackers will find it more difficult to exploit the new browser that guess what? Yep, a hacker exploits the new browser.

During his keynote speech at the Las Vegas MIX 09 conference, Dean Hachamovitch, the Microsoft Internet Explorer head honcho, made much about how IE8 had been specifically engineered in order to better withstand the type of evolving attacks methods that the hackers of today like to employ. He even went as far as to make the point that IE8 is the only browser that packs "built-in protection from cross-site scripting and out-of-the-box protection against clickjacking" in fact.

Others have remained unconvinced, and it is not too diff cult to find security researchers and analysts who will happily tell you how it is still too difficult to secure easily because it remains too bloated.

So I guess it should come as no great surprise to discover that even as Hachamovitch was talking so a hacker called Nils from Germany was accepting a $5000 cash prize and a Sony Vaio laptop as his reward for successfully hacking IE8 at the annual PWN2OWN contest during the CanSecWest security conference.

This is the same conference that has already seen one chap successfully hack a MacBook in less than 10 seconds can you believe?

Nils, like the MacBook hacker, achieved his feat by exploiting a previously unknown vulnerability in the browser running on a recent build of Windows 7. The MacBook fell courtesy of a Safari exploit. The good news being that PWN2OWN sponsors TippingPoint use the prize money to purchase details of the vulnerability and any exploit code used, and then pass this information immediately to the vendors who can then work to fix the security holes exposed.

As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.

3
Contributors
2
Replies
3
Views
8 Years
Discussion Span
Last Post by sommoP
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.