March 31, 2014 No Comments-
In March all four major internet browsers – Google’s Chrome, Mozilla’s Firefox, Apple’s Safari and Microsoft’s Internet Explorer – were successfully exploited by hackers. No, this wasn’t a terrible day for the internet, but a great day for contestants of Pwn2Own, one of the world’s biggest hacking events.
Competitors at Pwn2Own – who are typically computer security researchers – spend three days desperately trying to find security holes in the world’s most popular internet browsers. The prize? Pride at being elite enough to find the vulnerabilities, and $50,000 per discovery.
And discover they did, as all four browsers showed security vulnerabilities.
The most-hacked of the four big browsers was Firefox, which was exploited three separate times on the first day and once more on the second. If you use Firefox, don’t worry – Mozilla has already fixed all of the issues discovered at the event.
Google has also fixed the two exploits that were used against it, which netted the discoverers $50,000 each. It’s currently unclear whether the Safari and Internet Explorer issues have been secured at this point.
The failings of all four browsers, however, mean that there is no “stand-out” browser of Pwn2Own 2014. Traditionally, Chrome has fared well in the competitions. It was also a bad few days for Adobe, whose Reader and Flash products (which you probably have installed on your computer) were also compromised.
Aside from the participants in Pwn2Own, Google also got involved in a charity version of the competition, where its team found a way to hack Safari on a Mac to open the calculator application. This doesn’t sound scary, but if they can remotely open calculator, they could also have done a lot of other, more malicious, things. Remember: Macs aren’t immune to security threats.
While this may sound scary for internet security, the truth is that this isn’t as bad as it may seem. Sure, all four browsers were exploited, but a lot of the competitors find security holes earlier in the year, then save them for the event to earn the maximum amount of money and prestige. After all, Mozilla only pay $3,000 per discovery, whereas this event offers $50,000.
Also, these exploits are typically used by criminals to install malware onto your computer. If new security holes are discovered, you’ll be relatively safe if you have up-to-date anti-virus software.
Norman Safeground Blogs Archive