Not too long ago, we posted an article about a hacker claiming that Internet Explorer was the more secure browser. And today, the ‘more secure’ browser falls in a hacking contest after all of 2 minutes.
Read on for more information.
When it comes to computer security, your system’s protection is only as strong as the weakest link in your defensive chain. And for most computers, the weakest link is usually the web browser, which serves as the gateway to a whole world of information and malware.
Naturally, the browser is often the target of various exploits, and this year’s Pwn2Own competition was no exception, with web browsers being put up on the firing line for hackers to pit their skills in uncovering bugs and security vulnerabilities.
The first casualty of the browser exploits was Internet Explorer 8 running on a fully-patched and updated copy of Windows 7 (x64), where freelance vulnerability researcher Peter Vreugdenhil utilized a “two-exploit combination” to gain access into the machine, first by circumventing Windows’ much touted Access Space Layout Randomization (ASLR), which randomizes memory areas to make it much harder to predict where the attacks will land, to obtain a .dll file which Internet Explorer 8 loads into memory.
He then proceeded to make use of the obtained .dll file to bypass Windows 7’s Data Execute Prevention (DEP), a security feature which “prevents malicious code from running in sections of memory not intended for code execution”.
And it was done in all of 2 minutes.
Vreugdenhill described his exploit as a case of using Microsoft’s own system code against itself. “You can reuse Microsoft’s own code to disable memory protection,” he said in an interview.
However, Internet Explorer 8 was not the only Windows-based browser which fell to the might of hackers: under the hands of a Nils, a German researcher, Firefox 3.6 was also compromised with the same method Vreugdenhill utilized: by bypassing both ASLR and DEP.
Little is known about Nils’ exploit and his method of achieving it, but Portnoy, the organizer of Pwn2Own, said that Nils’ exploit “was very thorough”.
Meanwhile, Charlie Miller, the 3-time winner of Pwn2Own, had announced that he would not be handing over any of the vulnerabilities he found on Adobe, Apple and Microsoft’s software to the respective software makers, claiming that it was time that the software makers start finding their own bugs instead of waiting for security experts to find exploits and loopholes in the software.
He hopes that by withholding information about the vulnerabilities he had exploited, software makers “would be motivated to do better” by “duplicating his work” in an attempt to write more bug-free software.
Each of the winners won S10,000 along with the notebook that was successfully compromised as the prize of their efforts.