Safari Browser and IE Successfully Uprooted Hacker

Safari Browser and IE Successfully Uprooted Hacker, Not unexpectedly made ​​by Apple's Safari browser and Microsoft Internet Explorer 8 has the same fate. Successfully subvert Pwn2Own hacker on the first day of the contest that was held as part of a technology security conference CanSecWest in Vancouver, Canada, 9-11 March 2011.

Researchers from security system companies Vupen, France became the first team to successfully break through the Safari 5. Even according to the software version number, they do it in just five seconds. No kidding that uprooted a 64-bit browser running on Mac OS X Snow Leopard on the MacBook and patched a big advance.

Co-founder Vupen, Charouki Bekrar, and two members of his team worked hard for two weeks to find a weakness in Safari 5. They found him on WebKit, an open source-based rendering engine used by the browser and. They managed to take advantage of weakness to go through the system via the ASLR (address space layout randomization) and DEP (Data Execution Prevention), two special security features designed to prevent malicious programs infiltrate.

In fact, the team has created a special program to infiltrate through the hole weakness. These programs allow calculators and infect a computer to take full access. "Victims who visit a website, he will be caught. Without any interaction required," said Bekrar. While IE8 security researchers solve challenges Fewer Stephen Ireland. He managed to break through a browser running on 64-bit version of Windows 7.

IE8 To penetrate the security system, Lack found three weaknesses, two of whom have been anticipated from the beginning to exploit. With two weaknesses through it, he managed to find a third weakness to break through Protected Mode sandbox so it can access the full operating system. As Vupen, he also successfully infiltrated by hacking into the DEP and ASLR in Windows 7.

For its success, Vupen bring U.S. $ 15,000 and 13-inch MacBook Air computer ditaklukannya. Less steals while also entitled to a prize of U.S. $ 15,000 and the Sony Vaio computer that had taken over his system.

According to contest rules, all exploitation techniques that successfully penetrate these weaknesses will not be published. The committee provides the data for TioipingPoint as a sponsor. more info will be given to each vendor to provide an opportunity to patch or repair up to 6 months before it is disclosed to the public.

The contest took place on the second day. However, other browsers, Chrome 9 and Firefox 3.6 failed uprooted every participant. Meanwhile, to contest the mobile device, the iPhone 4 and BlackBerry Torch also successfully conquered. While Android and Windows 7 Phone survived.