Hacker busts IE8 on Windows 7 in 2 minutes

Moderators: b1o, jkerr82508

User avatar
R_Head
Berserk
Posts: 2643
Joined: 17 Mar 2010, 15:40

Hacker busts IE8 on Windows 7 in 2 minutes

Postby R_Head » 25 Mar 2010, 15:06

Computerworld - Two researchers yesterday won $10,000 each at the Pwn2Own hacking contest by bypassing important security measures of Windows 7.

Both Peter Vreugdenhil of the Netherlands and a German researcher who only would give his first name of Nils, found ways to disable DEP (data execution prevention) and ASLR (address space layout randomization), two of Windows 7's most vaunted anti-exploit features. Each faced down the fully-patched 64-bit version of Windows 7 and came out the winner.

Vreugdenhil used a two-exploit combination to circumvent first ASLR, then DEP, to successfully hack IE8. A half hour later, Nils bypassed the same defensive mechanisms to exploit Mozilla's Firefox 3.6. For their efforts, each was awarded the notebook they attacked, $10,000 in cash and a paid trip to the DefCon hackers conference in Las Vegas this July

Here is the rest of the story

User avatar
viking60
Über-Berserk
Posts: 9316
Joined: 14 Mar 2010, 16:34

Re: Hacker busts IE8 on Windows 7 in 2 minutes

Postby viking60 » 25 Mar 2010, 16:02

What? It tooke him that long? :mrgreen: To be fair he hacked FF and safari too. Still a good reminder of why we are using Linux.
Manjaro 64bit on the main box -Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz and nVidia Corporation GT200b [GeForce GTX 275] (rev a1. + Centos on the server - Arch on the laptop.
"There are no stupid questions - Only stupid answers!"

User avatar
dedanna1029
Sound-Berserk
Posts: 8595
Joined: 14 Mar 2010, 20:29
Contact:

Re: Hacker busts IE8 on Windows 7 in 2 minutes

Postby dedanna1029 » 25 Mar 2010, 20:03

Man, there's always a "someone hacked IE or Windows" thing every year. :P

It got to where it didn't impress me any more.
I'd rather be a free person who fears terrorists, than be a "safe" person who fears the government.
No gods, no masters.
"A druid is by nature anarchistic, that is, submits to no one."
http://uk.druidcollege.org/faqs.html


Return to “Win News”