AT THIS YEAR'S Pwn2Own hacking contest, Internet Explorer and Safari were hacked in quick time while Chrome and Firefox remained relatively unscathed, but the competition's sponsor made it clear that this didn't mean they were any more secure.
Simon Leech, manager of Solution Architects EMEA at Pwn2Own sponsor HP TippingPoint, said he was surprised that Chrome in particular didn't go down, because Google itself offered money for a hacker to take down the web browser.
But this didn't mean that the web browsers were any more secure, with a combination of factors and 'luck' leading to only IE and Safari suffering embarrassment this year. For example, Google came out with a patch release just before the competition that Leech believed fixed a vulnerability one researcher was looking to take advantage of.
Speaking during London's Infosecurity conference, Leech said, "There are definitely vulnerabilities in Chrome - it's not the most secure browser out there. There is no evidence to suggest that Chrome is any more secure than any of the other browsers."
He added, "It also might be something to do with Google's policy towards vulnerability research. They are starting to pay people, so researchers may have felt it was better to take their vulnerabilities to Google."
When The INQUIRER asked Leech for a straight-up answer to what the most secure web browser was out there, he jokingly said Wget, a Linux text-based file transfer utility.
But he followed that by saying, "To be honest there is no most secure web browser. You can definitely help your own security by configuring it correctly - disabling stuff that could lead to a security problem."
"Be careful with what you do with Java, use some of the plugins that are available to browsers to check that you're surfing at a secure site. But it's not the browser security you have to worry about. At a certain point every browser has a vulnerability in it somewhere. It's more about the usage of your browser."
As with operating systems, market share has always been the real issue when it comes to which browser is most likely to be targeted. Internet Explorer still has the biggest share of the browser market, so it is obviously the most likely to be profitable for cyber criminals.
Leech said, "Take as an example, Microsoft versus Apple in operating systems. Microsoft still has the major market share, so it obviously makes sense for a hacker to target it."
"You get a lot of these Apple owners who say they are much more secure and they don't need anti-virus. It's a load of junk. All the vulnerabilities are there, but the only reason the viruses aren't there is because they aren't exploited due to the lack of market share."
"The same thing goes for the web browser. The two main targets have always been Microsoft Internet Explorer and Mozilla Firefox. There are plenty of other web browsers out there, but they have such a small market share." µ
To: Common
"Common,
stop about market share nonsense ... absolutely has nothing to do with security ...
Cheers"
You are wrong. It has everything to do with Market Share, when working on a system that has to be up 24/7.
Two of Microsoft's big customers both went down. I am talking BIG server farms, doing business worldwide. This happened within days of each other. Both running Microsoft, and they (and their customers) lost a lot of time, money and reputation.
Desktops are not generally as critical... but, can be.
Personally, I was knocked out of everything my systems had, 3 times in a short period, because of Microsoft's buggy update system (Since I left Windows for good some time back, several other such stupidity 'features' have occurred.)
But not to me.
Most servers that really HAVE to run only use Microsoft for two reasons. Paid off (Nokia) or money in form of pay off.
More are finding IE (which, the next version is not fully backwards compatible... something like their Office products), is a security risk, and are migrating to Firefox, Chrome and Opera.
The 50% of market share was lost by IE, recently. Three reasons. Poor Security (their prime 'FEATURE'), Inadequate Security, and enough pissed off about Microsoft torpedoing the other browsers. (Another reason why I quit the evil empire)
I have dealt with some 'black hats'...
The general impression is, we can win money breaking it... so they do.
Firefox is not Ironclad, but, I noted it wasn't broken. Same with Chrome.
Apple's offing was where it usually is.
All have had wins and losses in this show, in the past.
My honest opinion?
Microsoft is to security, Like a hog leaving the pig waller is to a clean house...
Common,
stop about market share nonsense ... absolutely has nothing to do with security ...
Cheers
Quoting:
"but the competition's sponsor made it clear that this didn't mean they were any more secure."
Reading the statements, from the author and quoted people...
The hackers at these events target Microsoft products, because they are simple holes to find (many more are documented in the 'black hats' files, than are known by anyone other than they or Microsoft...)
They get golden stars and recognition from their peers, for getting into the other systems.
Google pays for black hats and other crackers to bust their systems.
Microsoft shuts everyone up about the vulnerabilities.
Mozilla, being mostly worked on by open source people (not as much money as Google and Microsoft)...
Are told of the problems and fix them (generally in a day to several days.)
So, the sponsor, generous to a fault, somehow is getting money from one of the two monied groups (conclusion of what was said... I am not giving proof...)
The article is biased for Redmond.
"As long as Microsoft uses Active X in its products, it can never be made safe." Their words.
So what the competition's sponsor just told us is that of the two browsers that get targeted the most--Firefox and IE--Firefox stood strong and IE got pwned. Yet another example of Free Software's superiority.
It's just like pwnage of GNU/Linux vs. pwnage of Microsoft. GNU/Linux and Free/Net/OpenBSD, all Free Software platforms, run most of the Internet Web servers on the planet (Solaris still there, but not as much as years past), as well as a whole lot of the Internet email and DNS servers worldwide. That's a nice, fat target, right? You bet! But what gets regularly pwned instead? Microsoft Windows computers. :-)
Just sayin'....
--SYG
Sorry, but wget is not a browser, you should've said links or lynx.
A recently patched security hole in wget on Linux was: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2252