jueves, 7 de marzo de 2013

Browsers, Operating Systems, and Pwn2Own

This is bad news.

Apparently, Microsoft's Internet Explorer 10, Google Chrome, and Mozilla Firefox fell prey at the famous hacking contest Pwn2Own .

The worst part is that they were beaten on the very first day of the contest.

No, that is not the worst part.

Actually, the worst part is this:

Bekrar’s IE10 hack bypassed all of the protections built into Windows 8 and IE and allowed code to be executed without crashing the browser.

So, it is not even 6 months after the launching of Windows 8 with its powerful "secure boot" and it was hacked on the first day?  Let's remember: "secure boot" was so necessary that it was mandatory for Windows 8 to run.

And what about Linux?  It is not present in this contest since 2008.  The reason given in 2011? "Because it is not a widespread system."  I guess the fact that it wasn't hacked in 2008 had nothing to do with that. 

Now...there are some points to ponder about Windows 8.

1.  If it took hackers one day to bypass all of Windows 8's security features, was it true then that "secure" (let's call it "restricted" until it actually becomes secure) boot was so secure as they told us? It had been hacked previously, too.

2.  What's going to happen now?  Will Microsoft actually patch Windows 8 or they will simply keep that information secret? 

3 comentarios:

  1. I don't think that MS will be disclosing this information any time soon because, after all, what good is a "secure boot" that is not secure? That would hurt the already poor reception of Windows 8.

  2. 1. The Pwn2Own people may have said that Linux hasn't been included due to its relative obscurity, but I am fairly certain (though please correct me if I'm wrong) that they have also said that Linux is so well-built in terms of security that there's no point in including it anymore because if anything, it just keeps getting better.
    2. I wasn't under any illusion that Microsoft really cared about security with "Secure Boot". If anything, it is more obvious now than ever before that all they really wanted was more control over the computer.
    a Linux Mint user since 2009 May 1

    1. 1. I don't know if they said that. If they did, I'm even happier to be a Linux user!
      2. Neither was I, but even if we said it, nobody believed us because of our "Linux biases." Now, those are facts.