Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Applications
    • Applications
    • Cloud
    • Cybersecurity
    • Development

    Microsoft Won’t Patch Internet Explorer before Pwn2Own Hacking Contest

    By
    Fahmida Y. Rashid
    -
    March 4, 2011
    Share
    Facebook
    Twitter
    Linkedin

      Microsoft will not be updating Internet Explorer before the Pwn2Own hacking contest, despite the fact that elite hackers will be gunning for the Web browser.

      Microsoft made the announcement on March 4 as security researchers are getting ready for Pwn2Own, a contest that pits hackers against the latest versions of the four major browsers and four mobile platforms for cash prizes.

      The targeted browsers include Internet Explorer 8, Apple’s Safari 5, Google’s Chrome 9 and Mozilla’s Firefox3.6. The mobile platforms include a Dell Venue Pro running Windows 7, an iPhone 4 running iOS, a Blackberry Torch 9800 running Blackberry 6 OS and a Nexus S running Android.

      In contrast, Mozilla and Google announced a number of patches in advance of the contest for their respective browsers. Mozilla rolled out patches on March 1 for 10 security flaws in Firefox, and Google patched 19 flaws in Chrome. Most of the bugs were either high-priority or critical.

      Microsoft tends to update IE in even-numbered months, and already patched the browser as part of its gigantic Patch Tuesday update on Feb. 8.

      Apple may patch Safari before the contest begins, according to a post on Twitter by French security firm Vupen. “Anti-pwn2own again: Apple fixed a record of 50 vuln[erabilities] in WebKit (iTunes), and is preparing the update for Safari/Mac OS X,” the company posted.

      Charlie Miller, security researcher at Independent Security Evaluators, known for cracking Safari for the last three years at the contest, doesn’t think the potential patch will stop him in his fourth attempt this year, according to Ars Technica. Miller has also exploited vulnerabilities in the iPhone during past contests. He’s slated to go fourth in his attempt to crack Safari, and second to hack the iPhone in this year’s competition.

      Last year, only Apple and Google updated their browsers before Pwn2Own. Mozilla found but couldn’t fix a critical vulnerability in Firefox before the contest, so organizers ruled that hole off-limits to contestants.

      Security researchers find existing vulnerabilities and create exploits for unpatched bugs in the existing products before the contest. They then take turns during the contest to try to be the first at successfully hacking the targeted platform. All vulnerabilities and exploits used during the competition belong to Tipping Point, the sponsor of the contest, according to the rules.

      The organization’s Zero Day Initiative bug bounty program then reports the bugs to the appropriate vendor and gives them six months to fix the problem before releasing the information to the public. The security researcher who found the vulnerability is not allowed to publicize the flaw after the contest, per contest rules.

      Miller told Ars Technica that as he is slated to go last in the Safari contest, it’s likely the browser will fall to at least one of the other three contestants’ attacks. “So I’m not going to report that vulnerability,” he said.

      Winners get $15,000 cash prizes for each browser or mobile device hacked from a pool of $125,000. The hacker that takes down Safari will also win a 13-inch MacBook Air. Google has sweetened the pot by offering an additional $20,000 reward for the researcher who can take down Chrome, which hasn’t been hacked in previous contests.

      Pwn2Own will run March 9 to March 11 in Vancouver, Canada, at the CanSecWest security conference.

      Fahmida Y. Rashid
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.

      MOST POPULAR ARTICLES

      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×