Switchfast Blog: The Future of IT

Hungry Hungry Hackers Conquer IE8 on Windows 7 (Among Other Feats)

Thursday, March 25, 2010 by Bryan Anderson

Day one of CanSecWest Pwn2Own hacking contest has already produced 'technically impressive' results, from iPhone hacking, SMS database hijacking, and Firefox and Safari exploits.

Two researchers yesterday - both taking $10,000 for their mastery - were able to bypass critical security measures of Windows 7 and IE 8. Both Peter Vreugdenhil of the Netherlands and an individual by the first name of Nils from Germany displayed how to disable DEP (data execution prevention) and ASLR (address space layout randomization), then successfully exploit the fully-patched 64-bit version of Windows 7 through IE8 and Mozilla's Firefox 3.6, respectively.

According to an article at computerworld.com, "every exploit has been top notch" and "the one on IE8 was particularly impressive," quoted from Aaron Portnoy, a lead at 3Com's TippingPoint security unit, the sponsor of the contest.

3Com Tipping point also shelled out $15,000 to the team of Vincenzo Iozzo and Ralf-Philipp Weinmann who together exploited the iPhone in less than five minutes. The pair lured the target iPhone to a rigged website where they were able to exfiltrate the SMS database in about 20 seconds, according to zdnet.com. Basically, they accessed text messages via an iPhone exploit, both present AND deleted text messages.

For the third straight year, Charlie Miller took home top prize for hacking a MacBook by exploiting a Safari browser vulnerability. Using fuzzers to find security vulnerabilities, he is preparing a presentation on his techniques against popular software products.

With all these vulnerability issues, should you be worried? Not at all.

The purpose of this contest is for the best of the best to demonstrate top notch security threats that aren't as commonly discovered, well before any malicious group of cybercriminals get a hold of them. These hacks were not just impressive but critical in identifying future software security issues.

In fact, according to an article on networkworld.com, each year vendors have pushed patches for these vulnerabilities quicker and quicker. In 2008, Apple took three weeks to patch a noted Safari bug, while Mozilla updated their browser a week after an exploit discover last year.

These companies are fully aware that security is the most important aspect of online software and they are determined to fill all the holes.

Until next time -

Matthew Hymel

Switchfast Technologies
Chicago IT Support & Consulting
Rochester IT Support & Consulting

Related posts

• Wednesday is Change your Password Day
• How to Keep Business Data Safe on Mobile Devices
• Phishing Attempt on New Apple Owners
• FTC Launches an Antitrust Investigation on Google
• The Fight Against Spam Continues

Leave comment:

Archives

• 2012
  • January (4)
    • Trends in Mobile Marketing for 2012
    • Understanding SOPA & PIPA
    • How to Keep Business Data Safe on Mobile Devices
    • Wednesday is Change your Password Day
• 2011
  • December (5)
    • Another look at Windows Phone 7 for Small Business
    • Small Business Marketing: How to Utilize Daily Deal Sites
    • Year in Small Business Technology
    • Small Business Selling: Tips on How to Land a Big Account
    • Phishing Attempt on New Apple Owners
  • November (6)
    • Office Moves - Don't Forget Your IT Support
    • The Downside to the "Bring Your Own Device" Model of IT Buying
    • What does the end of mobile flash mean for small businesses?
    • The Importance of Prioritizing Leads
    • Siri and Local SEO
    • Facebook Seamless Sharing and your Small Business
  • October (2)
    • How to Improve Your Website's Landing Pages
    • Three Low Cost Marketing Ideas
  • September (5)
    • Building Online Reputation: Q&A Sites
    • What Google's Acquisition of Zagat Might Mean for Small Businesses
    • How to Utilize a Company Blog to Generate New Leads
    • Offsite Backup can Prevent a Disaster
    • Kindle Fire is not for Business
  • August (4)
    • Benefits of VoIP for a Small Business
    • It Is Time to Redesign Your Restaurant’s Website
    • The High Cost of Pirated Software
  • July (4)
    • Streamline Your Social Media While Tracking its Success
    • QR Codes for Small Business Marketing
    • 4 Web Traffic Metrics You Need to Know
    • Point of Sales Security for Small Business
  • June (10)
    • Microsoft Announces Windows 8
    • The Cloud Computing Breakdown
    • Windows 8 vs Mac OSX Lion
    • Does Your Marketing Plan Need Some Remodeling?
    • LinkedIn Adds Additional Features that Help Small Businesses
    • Telemarketing -- Is it Still a Relevant Marketing Tactic?
    • Windows 8 in the Small Business
    • FTC Launches an Antitrust Investigation on Google
    • Google+ for Small Business Networking
  • May (6)
    • It Might be Time to Consider Outsourcing your IT Support
    • An Unlikely Place to Look for Potential Clients
    • The New Age of Telecommunications
    • How to Incorporate Social Media into Small Business Marketing
    • The Fight Against Spam Continues
    • Big Brand Facebook Success Tips Small Businesses Can Easily Implement
  • April (7)
    • Check in Applications: Effective for Small Businesses
    • Google Plus 1 and Small Business Marketing
    • Social Media in a Business Setting
    • Is Google Falling from the Ranks?
    • Display Ads: Is Google Leading the Way or Following the Beaten Path?
    • Switchfast Celebrates 10 years by Taking a Look Back
    • Is Your Password Secure?
  • March (3)
    • Technology and Security Auditing for Small Business
    • Prevent Password Theft by Recognizing Phishing Attempts
    • What does Google’s Personal Blocklist mean for Small Business?
  • February (3)
    • All Covered Acquired by Konika Monolta: Options Shrink for Independent SMB-focused IT Support
    • OpenForum Blog Shares Top Tech Tools
    • Google's government contract establishes foothold in Cloud Services Market
    • Is Search Engine Optimization putting your brand at risk?
  • January (1)
    • Small Business Labs releases Top 10 Trends for 2011
• 2010
  • December (2)
    • Report: Most Small Businesses Plan on Marketing Online, But Skimp on Social Media
    • Veterans of Foreign Wars Foundation a Gentleman-ly Cause
  • November (1)
    • Apps at Work: Sorting through the News with Reeder for the iPhone
  • October (3)
    • Surviving the Work Desk
    • Windows Phone 7: Bridging the Gaps Where Apple Cannot?
    • E-Commerce for Small Business: 10 Tips For An Effective Online Store
  • September (6)
    • Apple’s Validity: The iPad and Your Business
    • Why Does My Business Website Not Generate New Business?
    • Small Business Jobs Act: Will It Help?
    • Search Engines or Directories? Two Sides of the Same Coin
    • Hackers, Wiretaps and Malware: Digital Security and You
    • Social Media: Knowing When to Use for Business or Pleasure
  • August (22)
    • Internet Explorer Gains Market Share, Privacy Criticism
    • The 4 Main Ingredients for Small Business Online Success
    • Windows 7 Security Features for Small Businesses
    • As IT Hiring Continues to Improve, What Kind of Skills Are Companies Demanding?
    • The Best Kind of Complaint? RIM Fights for Its 'Too Secure' Network
    • Small Businesses Get 55% More Traffic With a Blog
    • Link Building and its Basic Function: Getting Found
    • Largest Patch Tuesday for Windows Users
    • A Job for Experts or Enthusiasts? The Idea of Empowering Consumer IT Solutions
    • Now is the Time for Small Business Start-ups
    • Visa Upgrades Network to Help Small Business Owners
    • Bing Market Share Surges One Year After Formal Launch, Possibly Overtakes Yahoo
    • Microsoft's Arc Touch Mouse: Productivity Booster or Bummer?
    • 5 Internet Threats that Could Put Your Small Business at Risk
    • A Balancing Act: Website Designs Fit for Search Engines & Users
    • Small Business Strategy: Utilizing Location-Based Mobile Services
    • 10 Pointers on How Small Businesses Can Create, Promote, and Maintain a Blog
    • Chicago among Top 5 Zip Codes for Entrepreneurial Success
    • Microhoo a Year Later: Has the Search Alliance Changed the Industry?
    • 4 Ways Small Business Can Utilize Google Realtime Search
    • Top Technology Companies Leaving Over 20% of Vulnerabilities Unpatched
    • 5 Ways to Branch Out Your Small Business, One Link at a Time
  • July (19)
    • How Small Businesses Can Take Advantage of Mobile SEO
    • Microsoft’s Internet Explorer Going Strong But Faces Adversity
    • Your Social Media Experience as a Small Business
    • How Large Corporations Are Influencing the Small Business Scene
    • Firefox 4 Beta Shows Off Improved Interface, Still Not Quite Speedy
    • How Professional Online Networking Adds to the Value of Your Small Business
    • As Tech Job Demands Grow, So Does Your Small Business
    • Can Microsoft’s Windows Phone 7 Make a Difference in Mobile Enterprise?
    • The Human Side of Small Business – Keeping Your Employees (and Yourself) Balanced
    • The Five Cs That Make Small Business SEO Work
    • Go Blog About It! 6 Reasons Why Your Small Business Should Maintain a Blog
    • Move Over, iPhone: 5 Reasons Android Now Works for Small Enterprise
    • 500 Million Reasons Small Businesses Should Join Facebook
    • Apple Targets the Small Business Market
    • Increase in IT Spending Points to IT Innovation
    • Firefox Impresses Users with Interface and Security Updates
    • 4 Reasons Why Small Businesses Should Build Local SEO
    • President Obama Promotes the Power of Small Business
    • Volunteering with A.C.T. – Assurance Cares Together
  • June (21)
    • Google Supposedly Drops Windows for “More Secure” OS
    • Will Android Overtake Blackberry in Enterprise?
    • The Upcoming Generation of IT – Social Networking and Generation Y
    • Zero-Day Flaw Affecting Adobe Flash, Reader
    • Heads Up Chicago Small Business: SEO is King of Budget-Minded Marketing
    • Small Business Sees Rise in Confidence
    • We Ask Again: Will Google’s Caffeine Affect SEO?
    • 5 Lessons Small Businesses Can Learn From the BP Oil Spill
    • 3 Reasons Small Business Owners Should View SEO Like a Car
    • 5 Most Overlooked Aspects of a Small Business Website
    • Microsoft’s Xbox Kinect: A Future Small Business Tool?
    • 4 Simple Tactics to Promote a Small Business and Build Connections
    • One Year and 3.7 Billion Phishing Emails Later – Is Your Identity Protected?
    • Three Advancing Areas of Enterprise Hardware
    • Email Etiquette – 5 Tips on Small Business Communication
    • New Collaboration Tool From Salesforce Pushes Notion of Social Enterprise
    • Strength in Small Business IT Brings Strength in Innovation
    • Microsoft’s Bing, Internet Explorer 9 Making Quiet Advancements
    • Hey Chicago, You’re the Next Silicon Valley
    • Three Reasons Why Facebook SEO Isn’t Important For Small Business (Yet)
    • Beware and Recognize Phishing/Virus Attempts!
    • According to FCC, VoIP Service ‘Important and Rapidly Growing’
    • Three Benefits Tablets Can Bring to the Small Business Sector
  • May (16)
    • Passwords and Privacy: 5 Password Manager Options
    • Saving Time and Money with Mobile Apps
    • Google’s New Search Page Layout and Its Effect on SEO
    • Offsite Backup Saves Time, Money and Frustration
    • Patch Tuesday: A Pair of Critical Fixes
    • Technology & Small Business Viewed as Most Positive Influence on U.S.
    • Three Thoughts on Choosing an IT Company
    • 17th Annual Chicago Cares Serve-a-thon on Saturday, June 12, 2010!
    • Small Businesses Benefit from Helpful Agencies
    • 5 Tips on Maximizing Social Media ROI
    • VoIP Proves to be Effective Cost-Cutter
    • Small Business Owners Feel Personally Fulfilled
    • Wireless: Evolving Tool or Security Nightmare?
    • IT-Business Convergence: The Key to Company Evolution
    • Google Analytics Offers Choice of Opting Out
    • Scientist ‘Infected’ Himself with Computer Virus, Stands on Principle
    • Soluto: The Solution to PC Frustration?
  • April (18)
    • April 1st – An Important Lesson in Content Production & Retrieval
    • What Does “Cloud” Mean to You?
    • FCC Can Not Enforce Net Neutrality – What Happens Next?
    • Is There a “Cyberwar” Around the Corner?
    • Small Businesses Get Their Way with Yelp
    • Social Networking Gone Wrong – Is Anonymity a Reliable Reputation Builder?
    • Another Heavy Tuesday – Critical Patches from Microsoft, Adobe
    • Will Social Networking Kill Off Email?
    • Power Down: The ROI of Decreasing Utility Waste and Pollution
    • Work Smarter: 10 Firefox Extensions to Improve Efficiency
    • Microsoft Gets Busy Rolling Out Office 2010 , Windows InTune, Fix It
    • Saving Money – As Easy As Choosing Your Font
    • More Hardware Investment Means More IT Spending
    • McAfee Glitch Shutting Down Corporate Computers Worldwide
    • Passwords and Privacy : 3 Tips to Better Manage Your Private Content
    • Using Analytics Efficiently – 5 Ways to Improve Employee Production
    • Gmail vs. Exchange – Will Cloud Services Cut Costs?
    • Optimizing LinkedIn: Features & Opportunities for Your Small Business
  • March (22)
    • Apple Continues to Invade Enterprise
    • The Internet Browser Revolution
    • Enterprise Wants a Piece of Windows 7 Growth
    • Search Engine Giant Google Fails its Own Test, Offers its SEO Pointers
    • Excited About Windows Phone 7? More Details Coming Soon
    • While Office 2010 Gets a Launch Date, Google has its Sights on Enterprise with Chrome OS
    • Beware: Counterfeit Intel Processors
    • Technology Adjusting to Success of Small-to-Midsize Businesses
    • Patch Tuesday: Slow, But Still Very Important
    • Will Bing Turn into a Significant Search Engine?
    • Celebrating 25 Years of Dot Com Has its Drawbacks
    • IE9 Now Available for Test Drive
    • Businesses Begin the Windows 7 Migration
    • National Broadband Plan – How Will It Affect Small Business?
    • Attention SMBs: Microsoft Makes Windows 7’s XP Mode Available Without Virtualization
    • Chicago Avoids the Top 10 Riskiest Online Cities
    • Is Ubuntu’s Lucid Lynx Concentrating on Aesthetic or Functionality?
    • New Office Communications Server for Microsoft around the Corner
    • Hungry Hungry Hackers Conquer IE8 on Windows 7 (Among Other Feats)
    • Most Dangerous Search Terms According to McAfee
    • Microsoft and Apple Releasing Critical Updates
    • iPhone for Verizon – A Small Business Game Changer?
    • AMD, Intel Unleash New Processors, Look to Power Small Businesses
  • February (19)
    • Microsoft Azure Platform Opens to Public
    • Would It Benefit Your CIO to Blog?
    • Breaking Through the Condescending IT Image
    • Beware: Rogue iPhone Apps that Steal Data
    • On the Right Track: IE 8 World’s Most-Used Browser
    • The Dangers of Using a Public Wi-Fi Network
    • Build a Strong Brand alongside a Booming Business
    • TLS/SSL Flaw Found in Windows
    • Can Your Company Benefit from Google Buzz?
    • Windows Patch Tuesday Update Producing Blue Screen
    • Can IT Boost Your PowerPoint Creativity?
    • Firefox Poised to Penetrate IE Stronghold as Primary Enterprise Browser
    • Free Version of BlackBerry Enterprise Server Coming Soon
    • Adobe Issues Out-of-Band PDF Updates
    • Google Buzz May Be Black Hat SEO Haven
    • Microhoo is Official, but Don’t Expect Changes Quickly
    • Small Business Blogging: Benefits and Drawbacks
    • Social Media Thrives On Small Business Innovations
    • Adobe Releases Critical Security Update for Download Manager
    • WiMAX & LTE Networks Bringing VoIP into Big Picture
    • Creating a Smartphone Application – For Enterprise Use
    • Three Big Reasons to Take a Minute to Upgrade Your Browser
  • January (9)
    • Microsoft Announces Pricing for Office 2010
    • Keep an Eye Out for Microsoft Windows Patch this Tuesday
    • Microsoft Announces IE Security Hole Believed to be Involved in Google Attacks
    • FireFox 3.6 RC2 Released Sunday
    • Will 2010 Bring "Hybrid Clouds" ?
    • Microsoft Investigates Internet Explorer Flaw - Again
    • IT Spending to Increase in 2010
    • Why Your Social Media Image Matters – Especially for SEO/SEM
    • Windows Mobile 7 Demo to Appear Next Month
    • The iPad - How Will 'it' Affect IT?
    • To Enterprise or Not - Tech Analysts Split on iPad
    • Google Sets Sights on Enterprise Version of Nexus One
    • Beware: Latest Search Malware Threat – ‘Apple iPad’
• 2009
  • December (10)
    • Beware: Top Ten Riskiest Domains
    • Important Microsoft IE Security Update Coming Tuesday
    • Copenhagen Climate Talks Spawn Flurry of Positive Green Tech Activity
    • Microsoft Claims BitLocker Security Hole is Only Dangerous in “Highly Unlikely Situations”
    • Beware: Koobface.GK “Christmas Worm”
    • Last-Minute Holiday Gift Deals
    • Mozilla Releases Important Security Update for Firefox
    • Entrepreneurs: Internet Usage Still Somehow Continues to Climb
    • Nexus One ‘Google Phone’ Expected at January 5th Android Event
    • McAfee says Adobe Will be a Bigger Hacker Target than Microsoft in 2010
  • November (13)
    • Microsoft Opens World-Class Data Center on Chicago's Outskirts
    • Reminder: New Chicago Area Code to be Active on November 7
    • Latest T-Mobile Outage is Fixed
    • Windows 7 is More Secure, but You Still Need Antivirus
    • Attention eCommerce: Reliable Search can Aid Conversion Rates
    • Apple Releases Snow Leopard Update v10.6.2
    • Google Maps Launches Flu Shot Finder
    • Upgrading Obsolete Systems can Save Huge Amounts of Money, but Do Your Research First
    • Next Generation Collaborative Tools are Changing How We Interact
    • Let Switchfast Help with Holiday Shopping!
    • Verizon Doubles Early-Termination Fee for Smartphones
    • Beware: Dangerous iPhone Worm
    • Future of the Internet Browser: Speed is King
  • October (12)
    • Use Copyscape to Protect your Reputation with Google
    • Non-Profits: Upgrade to Windows 7 for free through TechSoup
    • Beware Keylogging: The Latest Phishing Fad
    • Beware "Chicago Marathon 2009 Results" Malware
    • Good SEO Takes Time, but the Results are Well Worth the Wait
    • Google’s Postini Outage Affects Many United States Users, Now Resolved
    • MicroStrategy Offers Free Business Intelligence Software
    • Windows 7 is Imminent, the Internet is Buzzing
    • Lifehacker posts Master List of Windows 7 Shortcuts
    • ICANN to bring non-English web addresses to the internet in 2010
    • Smartphone sales to surpass laptop sales by 2012
    • Free Software Scans Twitter Links for Malware
  • September (10)
    • Gmail Outage Blamed on a Capacity Calculation Error
    • SEO vs. Yellow Pages: Times are Changing
    • Exchange 2007 Support May be Snow Leopard’s Killer Feature
    • eMarketer: SMBs Prefer Digital Media Over Traditional Media
    • Workplace Computers: To Lockdown or Not to Lockdown?
    • Non-Profits Gain Free Revenue through GoodSearch
    • SANS Institute: Unpatched Software is Top Security Risk Worldwide
    • IE Now with HTML5 Compatibility, Thanks to Google
    • Microsoft CEO Steve Ballmer on the "New Normal"
    • Microsoft Offers Free AntiVirus Software
  • August (10)
    • Microsoft Office 2010: What We Know So Far
    • XP Mode: Killer App for Windows 7 Enterprise Adoption?
    • Google, Apple release helpful software updates
    • Is Google’s “Caffeine” a game-changer for SEO?
    • “Hot Content” like Erin Andrews Video Used as Bait for Malware
    • Non-Profits Should Look to Search Engines for Affordable Donor Generation
    • Windows Server 2008 R2 Released to Software Assurance Subscribers
    • Apple to Release Snow Leopard on Friday (8/28)
    • European ‘Cyber-gangs’ targeting small to medium-sized businesses
    • Snow Leopard Not as Secure as Advertised?
  • July (15)
    • Three easy habits to keep your system up and running
    • Be careful what you tweet!
    • Workaround for Microsoft ActiveX Security Vulnerability for IE6 and IE7
    • As a source of customers, the internet has become impossible to ignore
    • Microsoft to release security patches for DirectX/ActiveX on Tuesday (7/14)
    • Microsoft to release Windows 7 to Businesses on September 1st
    • Non-Profits can gain a major edge using a CMS
    • Why you need to be archiving your email right now
    • Google’s Q2 revenue tells us where opportunity lies
    • Service Pack 2 to be released for Office 2008 for Macintosh today
    • Thanks to everyone who stopped by the Switchfast booth at the City of Chicago Treasurer’s Small Business Expo!
    • How to use social media to bring business on no budget
    • Why every organization should utilize an electronic document management tool
    • Microhoo: Microsoft and Yahoo finally agree on a search partnership
    • Beware Rogueware: Fake security software that is becoming big business
  • June (14)
    • Beware: Gumblar virus
    • Spam can be more than just annoying
    • Can Microsoft’s Bing threaten Google's dynasty?
    • Non-Profits should take advantage of free/cheap technology to stay competitive and relevant
    • Green technology isn’t going anywhere but up
    • Rapid growth in mobile technology is changing the face of business
    • High tech lighting can save up to 40%
    • Clearwire to launch 4G WiMax in Chicago this summer
    • A close look reveals unique pricing opportunities for MS Office
    • Windows 7 just around the corner, presale details leaked
    • Nortel sells wireless business, further signals change in telecom landscape
    • Economic downturn has been catalyst for SMB adoption of managed services
    • Another "No Backup" Horror Story
    • Cisco claims big internal savings through telecommuting
  • May (13)
    • Microsoft says that IT is "firmly entrenched as a strategic asset" among small to medium businesses
    • Uncontrollable environmental conditions make the ability to work remotely a powerful tool
    • Plane crash victim escapes with his life and his critical data
    • Sometimes small changes make a big difference
    • Aging hardware can be much costlier to keep than to replace
    • SF Giants: Low maintenance costs and an able feature set prove to be big cost-savers with new VoIP system
    • Quick fix for Internet Explorer 8 crashing with faulting module urlmon.dll
    • Beware Unreliable and Inefficient Data Security Solutions
    • Recent influx of Phishing scams demands caution from internet users
    • Agile Software Development divides big projects into manageable, budget-friendly chunks
    • Lower-priced Windows 7 licenses for netbooks will have maximum spec limit
    • Google: "The Web has won"
    • Good economic news means now is the time to make changes
  • April (3)
    • Instead of Sacrificing Your Assets, Streamline Them
    • Mac Users Should be Aware that Security Threats are Growing
    • Big Microsoft discounts available through May
  • March (1)
    • Going Green Means Saving Green ($$$)