Soft Spots in Hardened Software

Over the past decade, Microsoft, the target of choice for many online attackers, has hardened its operating system, adopting technologies designed to make it harder for attackers to find and exploit vulnerabilities. Apple and many other software makers have followed suit, introducing similar additional security measures to their operating systems.

Yet last week, during the “Pwn2Own contest” at CanSecWest, a security conference in Vancouver, Canada, security researchers demonstrated that software makers need to do more to protect their programs. Using previously unknown vulnerabilities, the researchers were able to compromise Apple’s Safari, Microsoft’s Internet Explorer 8, and Mozilla’s Firefox Web browsers by circumventing the latest security technologies in place in the operating system underneath.

“These things make it hard–they really do,” says Charles Miller, a principal analyst at Independent Security Evaluators and the researcher who circumvented the security of Apple’s Safari browser and the Mac OS X Snow Leopard operating system underneath. “But, no matter what, a determined attacker can find a way in.”

The results of the Pwn2Own contest underscore a truism in security: Defenders must be right all the time, but attackers only have to be right once. “The exploits are really creative; that’s why they are tricky,” Aaron Portnoy, security research team lead for TippingPoint, the security firm that sponsors the Pwn2Own competition. Continue reading.

Related Posts

Removing the RSA Security 1024 V3 Root There’s been confusion today about the work we’re doing on our root store, the set of trusted certificate authorities shipped with Mozilla products. T...
In Networks We Trust European researchers are proposing a paradigm-shifting solution to trusted computing that offers better security and authentication with none of the d...
How to manage disk encryption passphrases and key slots Disk encryption is one method you may use to enhance the physical security rating of your computer. From my experience, it is rarely used, which is a ...
Improved Online Security for a Tenth of the Cost Computer scientists at the University of Hertfordshire have found a way to share information online securely for a fraction of the cost of existing sy...
3 Problems Cloud Security Certification Can Solve What if there were widely accepted standards for cloud security and, better yet, a universally recognized designation for “trusted” cloud providers? ...
Traffic Mining Firewall Logs Could Improve Network Security A firewall is the safety barrier between a computer network and the outside world. Individuals, companies and large organizations alike rely on a fire...

We Recommend These Vendors and Free Offers

Launch an SSD VPS in Europe, USA, Asia & Australia on Vultr's KVM-based Cloud platform starting at $5:00/month (15 GB SSD, 768 MB of RAM).

Deploy an SSD Cloud server in 55 seconds on DigitalOcean. Built for developers and starting at $5:00/month (20 GB SSD, 512 MB of RAM).

Want to become an expert ethical hacker and penetration tester? Request your free video training course of Online Penetration Testing and Ethical Hacking

Whether you're new to Linux or are a Linux guru, you can learn a lot more about the Linux kernel by requesting your free ebook of Linux Kernel In A Nutshell.


Leave a Comment

Your email address will not be published. Required fields are marked *

*