Moments after unto an unsuspecting planet, it got hacked to bits. Actually, IE8 was hacked the day before it emerged from the beta chrysalis.
In this case, at least, it was in the controlled environment of CanSecWest's annual contest. The hacker was a 25-year-old grad student in computer science at Germany's University of Oldenberg known only as "Nils." (No word yet whether Nils is planning a world tour along with other mononyms Prince, Madonna, and Bono.) Nils earned himself a cool US$15K, because he in less time than it takes to recite the "A pansy who lived in Khartoum" limerick with a mouthful of peanut butter.
That IE8 flaw is no fluke, by the way. Per the :
The big news of the day is that the MSRC (Microsoft Security Response Center) woke me up before my alarm went off this morning to let me know that they had reproduced and validated IE8 vulnerability discovered by the mysterious Nils. Of course, we can't tell you anything more than that- stay tuned for more information once Microsoft releases an update for it! ...For those not keeping score, the confirmation of the IE8 vulnerability on the released bits (available just this morning!) marks the first official vulnerability in IE8! Congratulations Nils! We take our collective hats off to you!
Somehow, I suspect the folks at MSRC are little! less! enthusiastic! about this topic.
The good news for Microsoft: Apple Safari sucks even harder. Good old . It took him about two minutes to do the same thing to Safari last year, and nine hours for another security researcher the year before.
I know I'm just a guy in a hat with a bad attitude but: Shouldn't these things be getting harder to crack, not easier?
Here's something sure to send the Apple fanboyz into spasms. In an interview with ZDNet's Ryan Naraine, ....
Safari on the Mac is easier to exploit. The things that Windows do to make it harder (for an exploit to work), Macs don't do. Hacking into Macs is so much easier. You don't have to jump through hoops and deal with all the anti-exploit mitigations you'd find in Windows. It's more about the operating system than the (target) program. Firefox on Mac is pretty easy too. The underlying OS doesn't have anti-exploit stuff built into it.
The whining shall commence in three... two... one...
Miller also added that Firefox on Windows is easily the hardest of the three browsers to crack, despite Microsoft's claims that IE8 is "."
That may be literally true -- if you keep your hands at your sides and don't touch your keyboard or mouse, IE8 is probably pretty safe. Otherwise, well... you plays with Microsoft software, you takes your chances.
So where was Google Chrome in all this? Good question. Day three of the hacking contest (i.e., today) is supposed to focus on mobile platforms and Chrome. I'd be shocked if Google's browser proves impervious to the wily Nils or his nerdy cohorts.
Fact is, browser security is a relative concept. Your front door is secure, right up to the moment someone breaks into it. Then, not so much. But it helps to make sure it's made out of hardwood and not balsa, and there's a deadbolt or two on it.
Do browser vulnerabilities keep you up at night? E-mail me: cringe@infoworld.com.