IE8 already hacked

[DSMUK]

The new IE8 has been out officially around 24hours and its already been hacked:

Microsoft's latest browser, Internet Explorer 8, has officially suffered its first security breach since its launch, during a hacking contest held at the 10th annual CanSecWest conference in Vancouver, Canada.


A hacker, who identified himself as Nils, managed to break into Microsoft's safest browser yet using a yet-unknown vulnerability a few hours after IE8 was launched as the browser was running on a WIndows 7 Beta platform.
Hothardware reports that Nils grabbed $5000 and a free laptop for the trick, "With a little tweaking, he ran a sleek exploit against IE8, defying Microsoft's latest built in protection technologies- DEP (Data Execution Prevention) as well as ASLR (Address Space Layout Randomization)."


The event was sponsored by 3Com's TippingPoint under the watchful eyes of Microsoft. Within minutes, TippingPoint gave all the details and code to Mike Reavey, operations manager at the Microsoft Security Research Center (MSRC).


Microsoft subsequently released a statement saying that the company was investigating reports of a possible vulnerability in Internet Explorer 8 and actions will be taken if it was confirmed.


It is still unknown whether the vulnerability exists only on Windows 7; four vulnerabilities were found during the PWN2OWN session this year earning the winners $20,000 in all and the details about the weaknesses won't be disclosed until appropriate patches are issued.

News Source

 

[tekkiegurl]

too bad for windows

 

[Raghuveer]

Too good for others, can I dare to say Mozilla FF?

 

[isearch]

IE8-safe applicaitons

even iIE8 great portability and some times security and privacy getting in to consideration

 

[CarmenKarma]

That didn't take long...

 

[MadSekh]

Owned again, as usual.

 

[GrindHard]

Firefox fellas..

 

[kblessinggr]

Firefox fellas..

Firefox and Safari both got hacked around the same time that IE8 did... actually faster than IE8 did.

 

[HarveyJ]

Germany's version of Chrome, Iron, FTW...

[/wanker]

 

[Traffic-Bug]

Such security issues exist in all the browsers, including firefox, but Microsoft's are more publicized

 

[ryouinterested]

too bad for windows

yup.. too good for Nils

 

[rhizo]

IE has slow updates which is why it's security sucks

 

[ryouinterested]

@rhizo

what`s the deal betwen slow updates and the security? :|

 

[Traffic-Bug]

IE is a very good name for a browser, if it were not this slow I would be using it in preference to Firefox, it takes too long to startup and open new tabs and firefox is faster. IE is certainly more usable because it is from Microsoft.

 

[GARevolution]

Get a Mac and Firefox. Nothing compares to a mac when doing anything online. Trust me.

 

[Traffic-Bug]

IE8 is good for what it is. People are always picking on Microsoft for the wrong reasons. Microsoft is a good software company that makes good software products.

 

[bprimeelite]

Linux FTW

 

[dably]

Too good for others, can I dare to say Mozilla FF?

Just about any browser can be hacked the reason FF, chrome and safari don't see as many attacks is because they don't have the market share (that and ie users tend to be less ummm sophisticated and if you want to spread a virus or bot you want stupid people generally). I'm not a fan of IE but I am sure that if FF or chrome had the same exposure they would have just as many or more vulnerabilities.

People will always go to where the money is at and the biggest bucks can be made off of IE exploits. 0 day (private unpatched) IE exploits can sell for tens of thousands of dollars depending on the nature of the exploit.

 

[neablas]

smart move from Microsoft Execs to get hackers to test their software .. but well .. it will never be 100% because there is no such thing. There is always a way behind a will.

 

[vinoth2vinoth]

Such security issues exist in all the browsers, including firefox, but Microsoft's are more publicized

I agree with you and also more people use IE and Hackers target Windows products more lol