
Microsoft stands for IE8

3/29/2010 15:26:24 PM

Microsoft's official Windows Security blog on Friday discussed some of the specific features that were hacked to win the contest. It explained that IE's security techniques are not designed to prevent every attack forever, but to slow attackers down and make it harder for them to exploit vulnerabilities.

Last Wednesday's annual Pwn2Own hacking contest pitted security experts and researchers against each other to see who was the top hacker. The contestants managed to hack not just IE8 on Windows 7 but also a non-jailbroken iPhone, Safari running on Snow Leopard and Firefox on Windows 7. Peter Vreugdenhil, an independent security researcher, won $10,000 for bypassing the security in IE8. He said that he exploited IE8 by sneaking past two of its key defenses: ASLR (Address Space Layout Randomization) and DEP (Data Execution Prevention).

The Microsoft blog post was written by Pete LePage, a product manager on the Internet Explorer team. He mentioned the security researchers and addressed ASLR and DEP. ASLR is mainly designed to stop hackers from getting memory addresses they can use to compromise code. DEP tries to prevent malicious code from running in memory regions where executable code is not supposed to run.

To describe how these security defenses work, the blog compared a computer to a fire-proof safe. Without these defenses in place, a fire-proof safe may only protect its contents for some time. A stronger fire-proof safe with several 'defense in depth' features would not protect the valuables forever, but adds significant time and protection to how long the contents will last. The blog said that both ASLR and DEP continued to be "highly effective protection mechanisms."

In the IE8 hack, the computer running the browser was compromised by visiting a Web site that launched the malicious code. Vreugdenhil was then able to gain user rights on the PC, giving him the ability to run applications, like Windows Calculator.

The security researcher who hacked into Firefox said he also bypassed ASLR and DEP to gain control of the computer.
