[Dailydave] Pwn2Own 2009 thoughts
Charles Miller
cmiller at securityevaluators.com
Mon Mar 2 17:52:10 EST 2009
Pwn2Own is just over 2 weeks away. It's the only time of year I
actually bother to look for bugs without a client paying my boss or in
preparation for a talk. It's also the time of year I dig in my bag of
0-days for goodies to give out. Join me this year!
In the past, it was to a researcher's advantage to make sure no one else
competed since only one person could win at each target. This year,
there can be multiple winners for each (only the first pwner gets the
hardware). Also, if more than 5 people win, an extra $15k gets put up
for grabs. That means I hope lots of people win! I want my bonus
bucks :)
Here are my predictions for this year. It'd be cool if there was a
Vegas line on this stuff!
Safari: hacked by 4 different people. Easy pickin's as usual.
Android: hacked by 1 person. Not too tough but no one owns one.
IE8, Firefox: Survive unscathed. The bugs to exploit equation is too
hard for 5k.
iPhone, Symbian: Survive due to non-executable heap.
Blackberry, Windows Mobile, Chrome: I don't know enough to say
anything intelligent. That said, they're probably hard/obscure and so
survive.
Charlie
More info:
http://dvlabs.tippingpoint.com/blog/2009/02/25/pwn2own-2009