- by Chad, "Dream", Weaver
This month brought one of my favorite events in the internet security field, the annual Pwn2Own contest. This is where the companies that produce all the different operating systems and web browsers, from old standards like Apple and Microsoft to the phone OS makers including RIM and Google, put up money to see if their respective systems get compromised. This organized event also gives the complete details of the exploits to the vendor, providing them information on how each was completed and time to patch the holes before the details of the exploit are released to the general public. This year, like always, was filled with successful attacks, and some interesting ones too. I just want to recap the results now that the event is over, along with some of the implications and general thoughts that come out of an event like this.
This is the 5th year for this contest. All the big players had different systems lined up to see if anyone could compromise them; prize money is awarded to the person or team that can complete a successful exploit, and they get to keep the device, hence the name of the contest. The very first one to fall was Apple’s Safari, running on a fully patched MacBook Pro; it was 5 seconds after having a user directed to a specially crafted link that the exploit was able to escape the sandbox mode. This has some important implications and should stand as a reminder that owning a Mac does not make you any safer than a Windows user; just because there are few viruses and bad programs now does not mean that they can’t be created. The false sense of security that owning a Mac provides a user needs to be addressed in the near future. As Macs grow in popularity, so too will exploits such as this, and unlike MS, which has been under fire for years, forcing them to create and maintain a patch schedule to address these exploits, Apple does not have the same system.
Don’t think that MS made it out unscathed either, though. IE 8 also fell after the winner used 3 separate exploits. Two were used to execute code within the browser, but the most interesting part was that the third helped escape Internet Explorer’s protected sandbox mode. This was unexpected, as there is only one publicly known way to do this, and Microsoft is very interested in the details. This was running on Windows 7 64-bit, which also increased the difficulty.
The other two big browsers, Chrome and Firefox, escaped unscathed, with Google offering even more money to anyone that could compromise its browser. This doesn’t mean that they are any safer, just that no one attempted to attack these browsers; some contestants opted to try other systems or pulled out before the contest for various reasons. This is the 3rd year that Chrome has left the contest without anyone successfully compromising it.
Google Apps Blog:
Chrome delivers the fastest Google Apps experience and protects users against phishing and malware on the web. This browser is now available for download with support for the following administrator functionality:
MSI Installer: A standalone installer that allows admins to install the Chrome browser at a system-level across the organization.
Group Policies: These allow admins to configure common behaviours across the organization such as default search provider, default homepage and many more.
Policy Templates: ADM and ADMX templates are included in order to help admins easily configure these policies that manage security and privacy including the ability to disable auto-updates.
That sound was your nerdy IT admin falling over in his chair. I'm sure his sweater vest is fine, though. No worries.
I like to think I'm "hip" to current technologies. I'm on the "cutting edge". With that said, I LOVE me some Chrome. For those not in the know, Chrome is like Internet Explorer, but good. Sure, sure, there are people that will be saying, "no way man, IE is the best browser out there." Possibly Andrew, "Ballmer Jr.", Levin.
My problem is that IE often doesn't render the most modern websites. It doesn't yet support some of the more modern tools that websites use to display content. Google Chrome is usually leading the way in this respect. So it's nice to see Chrome getting an official "For Business" addition to their stable.
It was a good ride while it lasted.
Google CEO Eric Schmidt has resigned from Apple's Board of Directors. Schmidt's company has started to come into conflict with Apple more and more, with Android, Chrome and Chrome OS and even Google Apps debuting. Therefore it was in both companies' best interest for him to no longer be involved in their top secret meetings.
Gone are the days where Schmidt and Jobs would skip down the street happily for Ben & Jerry's, slapping each other 5 after using the iPhone Maps application to find the nearest Starbucks and giving each other pounds, laughing hysterically while they see someone using a Zune to listen to music. Yes, those touching heartwarming moments are over, friend. But it's not like they were going to last even without this Board resignation.
Remember that amazing blog that was on this very website about the Google Voice app? (It was the one with amazing writing and rapier-like wit.) It turns out there is a slight update. The FCC is investigating Apple, AT&T and Google as to what the deal is with the application approval process. They want to know exactly what happens when an application is submitted, and just who has say in the whole thing. The only one to come out of the investigation unscathed looks to be Google.
As Apple and Google distance themselves even further, prepare to hear the phrase "Going Google" a heck of a lot in the next few months. Think Apple's old-school 'Switch' ads for a new, nerdier generation.
Is that even possible?
If so, be afraid, very afraid.