Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
  HOME     MENU     SEARCH     NEWSLETTER    
NEWS & INFORMATION FOR TECHNOLOGY PURCHASERS. UPDATED ABOUT A MINUTE AGO.
You are here: Home / Linux/Open Source / Chrome Shines In Hacker Contest
Chrome Shines in Hacker Contest
Chrome Shines in Hacker Contest
By Adam Dickter / NewsFactor Network Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
MARCH
10
2011
Google's investment in security experts to find weaknesses in its Chrome browser has apparently reaped dividends at a prominent hacking contest.

Mozilla's Firefox also survived the Pwn2Own contest unscathed. Both companies sent out updates in recent weeks and offered cash prizes for anyone who found bugs, with Mountain View, Calif.-Google reportedly shelling out $14,000 for the tips.

The fifth annual contest coincides with the CanSecWest security conference held by HP TippingPoint and challenges security experts to take on patched versions of the latest browsers and operating systems for both desktop and mobile computers (with codes "frozen" two weeks earlier).

A Threepeat

It is the third straight year that Google's Chrome has gone unhacked at the event and this year the search giant offered $10,000 -- in addition to the contest prize cash and the computer used in the contest -- to the first team to discover a weakness. Although two teams registered to do so, one didn't show up and the other reportedly decided to attack Research in Motion's BlackBerry software instead.

Among the losers were Microsoft 's Internet Explorer 8, which was found to have three unpatched vulnerabilities by a British independent researcher, Stephen Fewer, ComputerWorld reported. Fewer said he spent six weeks developing an attack on Explorer's sandbox, which is designed to keep malicious code out.

Apple's Safari, just updated for bugs, also fell, in a mere five seconds to a French team who exploited a weakness in the open-source browser rendering engine, Webkit, according to ZDNet, which said the team from the testing firm Vupen won $15,000 and an Apple MacBook Air.

The hackers attacked the browsers one at a time, rather than go head to head to see which fell first.

"Looks like Google scared off the hackers with its security updates," said Ed Skoudis, an instructor at the SANS cybersecurity institute in Bethesda, Md.

According to a report in The Guardian, an attempt to hack Google's Android mobile operating system was canceled after Google patched the hole he had planned to exploit.

Easy Pickings

Skoudis said Explorer and Safari were seen as the "easy pickings" in the contest.

"Google has done some good things with Chrome over the past two years," he said. "When it first came out, its security was rocky, but they've rapidly gotten better. I think Apple has been lulled into complacency with Safari, given that its low market share means that attackers don't spread exploits for it as often as for other browsers. I believe strongly that it is more vulnerable, but less exploited.

But that may not last long.

"As its market share increases, especially with mobile Safari on iPhones and iPads) I think that equation will turn against Apple," said Skoudis. "They will have to get much more serious about security."

Tell Us What You Think
Comment:

Name:

CraigG:
Posted: 2011-03-11 @ 5:12pm PT
I'm not sure about this title. It's pretty biased, especially for an article posted on the first day of the event.

"Chrome collects dust in corner" might be more accurate.

StareClips.com:
Posted: 2011-03-10 @ 5:30pm PT
"When it first came out, it's security was rocky, but they've rapidly gotten better."

It should be ITS not IT'S.

Ed. note: Yes, fixed it, thanks!

Like Us on FacebookFollow Us on Twitter
MORE IN LINUX/OPEN SOURCE
NEWSFACTOR.COM
NEWSFACTOR NETWORK SITES
NEWSFACTOR SERVICES
© Copyright 2016 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.