This week Hewlett-Packard continued its annual Zero Cay
Initiative (ZDI) Pwn2Own event. Pwn2own is hacking contest where HP awards
security research team’s cash prizes for responsibly exposing security flaws in
popular OS’s, Applications, and browsers. The Vendors then collaborate with
each other to find solutions for the newly exposed threats.
This week on March 12th the first day of the competition,
Adobe Flash and Reader, IE 11 (Internet Explorer), and Firefox 27 had Security
holes exposed. On March 13th the second day of the competition all browsers
had Security exploits exposed, including Google Chrome who had patched 7
security flaws a few days prior to the event.
When the dust had settled at the end of the Pwn2Own event
all the major browsers had had security flaws exposed and the security teams
had taken away $850,000 out of the $1,085,000 possible prize money. Team VUPEN won
the highest gross of $400,000 in the competition having exposes 5 security
flaws. In the end there remained only one prize that was left un-awarded which
was for IE 11 w/EMET*. So even though IE has a bad rap concerning security it is funny that it was the only unclaimed prize this year.
*EMET (Enhanced Mitigation Experience Toolkit) is a utility
by Microsoft that helps prevent vulnerabilities in software from being
exploited. EMET works by performing input validation against code in the
program to prevent exploits of possible security holes. EMET can be downloaded
directly from Microsoft and requires IE 10 or higher.
Reference
No comments:
Post a Comment