Current Event: Speculation about Upcoming Pwn2Own Hacking Contest
A recent article from Ars Technica, modded to high popularity on Digg, reports that last year’s Pwn2Own winner is predicting that Safari will be the first browser to crash in this months”s contest.
Pwn2Own, in Vancouver BC, is part of the CanSecWest security conference. It challenges hackers to find and exploit vulnerabilities in popular web browsers including Safari, Firefox, Google Chrome, Internet Explorer, and Opera; on popular platforms including Windows, Mac OS, and mobile phones. The first person to hack each machine gets to take it home.The article highlights two interesting facets of security research:
- Encouraging “breaking” something makes it more secure. The Pwn2Own competition is motivated, not by malevolence, but by a desire to actually improve the software. This can be confusing to those outside the security community, who often see any attempt to hack as malicious – often creating disturbing headlines about well-meaning hackers being prosecuted legally. By providing a competition encouraging such behavior, the Pwn2Own competition is actually helping web browser developers to make their products more secure.
- “Perceptions” of security are extremely important. This article was modded up extremely high on Digg – and why? Because some hacker “feels like” Safari is less secure. Talking about actual bugs and exploits are not interesting/understandable to readers but they do care, in general terms, about whether a browser is more or less secure, even though they don’t know what exactly that means.
The implications of browser security are increasingly important as the browser wars continue, and as web-based applications are coming to dominate computing. With more and more people storing more of the information and performing more transactions online, the assets involved in securing online actions are extremely important. Furthermore, as 4 popular browsers are in competition, their relative security features are a major distinction for prospective users.
In about two weeks, the competition will take place right near our own school – sending hackers into a frenzy, and developers in a frenzy to fix the holes.