Chrome and Firefox Hold Attack from Hacker

VANCOUVER - hacking contest to break the security system Internet browser and mobile devices called Pwn2Own that lasted as the CanSecWest conference in Vancouver, Canada, 9-11 March 2011, has ended. As a result, a browser made ​​by Google and Chrome 9 Mozilla Firefox 3.6 that is not broken. While 5 of Apple's Safari and Internet Explorer 8 Microsoft's submission on the first day.

"I love Pwn2Own! Safari and IE8 broken on the first day, but not with Chrome," writes Matt Cutts, head of Google's web spam team, in your Twitter account when the first contest day is complete. The hope lasted until the contest ends since Chrome was nevertheless successfully penetrated.

This is Google's goal to maintain the record for browsers that do not easily penetrated. For two consecutive years in the same contest, Chrome proved to be the only browser that can not be penetrated by hackers. However, this year Firefox 3.6 was no less safe and for the first time failed uprooted.

"Whew, Firefox survive in # pwn2own 2011. This is not a big success, but I am still glad to hear it," said Brendan Eich, CTO of Mozilla, on his Twitter account to comment on such good news. Do not forget, Mozilla boss was also congratulated the team of Google Chrome through the next tweet.

The same praise delivered Google to the Mozilla team. "The two browsers that survive are both open source, have a rewards program, have the inherent security team, better and faster improvement. coincidence?" writes Chris Evans, an engineer in Chrome security team.

In addition to challenging the hackers to penetrate the security your Internet browser, Pwn2Own also challenges participants through a mobile device operating system. IOS on the iPhone 4 and BlackBerry Torch successfully penetrated, but the Android and Windows 7 Phone survive.

"Hacker" Conquer BlackBerry and iPhone Torch 4

VANCOUVER - In the hands of hackers, 4 Apple iPhone and BlackBerry Torch made by Research In Motion (RIM) appeared to still be uprooted security system. The hackers who participated in the contest Pwn2Own in Vancouver, Canada, 9-11 March 2011, it managed to conquer these two smartphones. 

Three researchers with the name Team Anon successfully penetrate the security system via BlackBerry Torch found many weaknesses in the browser rendering engine Webkit or luggage. They managed to smuggle the program proved to them by exploiting a number of weaknesses were to steal contact lists and databases of images. 

Despite many shortcomings, not easily penetrate the BlackBerry. This is because there is no documentation for the public about the operating system. Therefore, hackers have to do trial and error techniques to try to penetrate. 

Webkit is one part of a potential easy target. BlackBerry Torch is the first BlackBerry device that uses WebKit in its browser. However, the browser still has not completed the address space layout randomization (ASLR) and Data execution prevention (DEP). According Iozzo, though it is still spelled out than the iPhone from the security side, the closure of the BlackBerry became a separate obstacle. 

"It would be difficult to attack the system if you do not have any documentation and information," said Iozzo.  

As for attacking the iPhone 4, hackers also exploit weaknesses in the mobile version of Safari browser. Charlie Miller, a security researchers from Independent Security Evaluators Blazakis Dion and his colleagues, managed to smuggle a program to steal contacts list. It uses the technique of return-oriented programming (ROP) with DEP bypass. 

Target of the attack was the iPhone 4 that use the IOS operating system 4.2. In the latest IOS version 4.3, the vulnerability is still not fixed. However, additional ASLR may be able to resist the techniques used to attack. 

"However, only need slight modifications to penetrate the security layer and the devices are still vulnerable from attack until MobileSafari patched," said Miller.  

The three researchers, namely Vincenzo Iozzo, Willem Pinckaers, and Ralf Phillip Weinmann, is entitled to steal U.S. $ 15,000 prize and devices that conquered it. The same thing for the team led by Miller.

Until the contest ended, the two other systems, Android 2.3 running on the Samsung Nexus S and Windows Phone Pro 7 on Dell Venue yet to be penetrated. However, this is not because the level of security managed to survive, but because no participants menjajalnya.

For the contest to break the browser, Chrome is only 9 and Firefox 3.6 that survive from the attack. Safari and Internet Explorer 8 successfully conquered hackers from day one.