Microsoft won’t patch Internet Explorer before hacking contest next week

WEB BROWSERS will be hacked and laughed at during next week's Pwn2Own hacking contest, but Microsoft won't be fixing any Internet Explorer bugs beforehand.

Pwn2Own is held at the annual Cansecwest security conference, which gives away devices and cash prizes. Last year Internet Explorer, Safari and Firefox were successfully hacked and exploited.

But Microsoft isn't patching up Internet Explorer before the big day, perhaps realising it's pointless as the security experts involved are notorious for breaking into just about anything, including Iphones.

Instead next week's Patch Tuesday focuses on Microsoft Windows and Office. There are three bulletins, one critical and two rated important. All could result in remote code execution, where an attacker can run code on a target computer without having to be there.

Last year Internet Explorer 8 was successfully hacked by Peter Vreugdenhil, who got past insecurity mitigation technologies. Safari was hacked by famed security researcher Charlie Miller.

Chrome didn't appear to do too badly at the 2010 contest, but that will probably change this year as Google's web browser has become more familiar to potential hackers.

All this web browser hacking sounds dodgy, but it's fully supported by the security community. The sponsor of the contest, Tippingpoint provides a report to the web browser vendor detailing the exploit. This isn't publicly revealed until the flaw is fixed.

For firms like Mozilla, Apple and Microsoft it is slightly embarrassing to see your web browser hacked so quickly, but it's probably better than if you had a criminal gang doing it. µ