Linked by Thom Holwerda on Thu 19th Mar 2009 06:44 UTC, submitted by Moulinneuf
Privacy, Security, Encryption As he had already predicted, cracker Charlie Miller has won the PWN2OWN contest by cracking Safari and Mac OS X within seconds of the start of the competition. "It took a couple of seconds. They clicked on the link and I took control of the machine," Miller said after his accomplishment. He took home the USD 10000 prize, as well as the MacBook he performed the exploit on. Internet Explorer 8 fell a while later by cracker Nils, who also cracked Safari and Firefox after being done with IE8.
Permalink for comment 353844
To read all comments associated with this story, please click here.
RE[2]: Sad to say
by Valhalla on Thu 19th Mar 2009 08:00 UTC in reply to "RE: Sad to say"
Valhalla
Member since:
2006-01-24

In order to remotely attack a machine you need a way to deploy that attack. These days most operating systems (even windows) have realized that keeping alot of default ports open (listening) is stupid. So the best way to deploy your attack is pretty much through the web.

However some things bother me with this, they claim that they can take full control of the machine through the webbrowser, how exactly can they do that if the browser is running in userland under an account with user privileges? The way I see it they can only utilize the power given to the account which the browser is running under unless they also have some OS privilege-elevation exploit aswell?

Or are all these browsers being run under administrator privileges (which is pretty stupid)?

Reply Parent Score: 5