Over the past decade, Microsoft, the target of choice for many online attackers, has hardened its operating system, adopting technologies designed to make it harder for attackers to find and exploit vulnerabilities. Apple and many other software makers have followed suit, introducing similar additional security measures to their operating systems.
Yet last week, during the “Pwn2Own contest” at CanSecWest, a security conference in Vancouver, Canada, security researchers demonstrated that software makers need to do more to protect their programs. Using previously unknown vulnerabilities, the researchers were able to compromise Apple’s Safari, Microsoft’s Internet Explorer 8, and Mozilla’s Firefox Web browsers by circumventing the latest security technologies in place in the operating system underneath.
“These things make it hard–they really do,” says Charles Miller, a principal analyst at Independent Security Evaluators and the researcher who circumvented the security of Apple’s Safari browser and the Mac OS X Snow Leopard operating system underneath. “But, no matter what, a determined attacker can find a way in.”
The results of the Pwn2Own contest underscore a truism in security: Defenders must be right all the time, but attackers only have to be right once. “The exploits are really creative; that’s why they are tricky,” Aaron Portnoy, security research team lead for TippingPoint, the security firm that sponsors the Pwn2Own competition. Continue reading.
Digital Ocean is a VPS/Cloud hosting provider. For just $5 per month, you can get yourself a Cloud server with 512 MB of RAM, 20 GB super-fast SSD, free snapshots, plus backups for a minimal fee. All via a simple graphical interface.
And by signing up with this referral link, you can help support this website.
If you are reading this, your ad could also be occupying this space. Contact us to make it happen.