Must Read: Galaxy Note 8.0 tablet: Beating the iPad mini (review)

Topic: Security

Video: Microsoft responds to Pwn2Own IE hack

Summary: Microsoft Security Response Center (MSRC) director Mike Reavey talks about the CanSecWest Pwn2Own challenge that saw a successful exploit of two zero-day vulnerabilities in the Internet Explorer 9 browser.

Ryan Naraine

By for Zero Day |

Just moments after researchers from VUPEN used two zero-day vulnerabilities to hack into the Internet Explorer 9 browser, I caught up with Mike Reavey, senior director in the Microsoft Security Response Center (MSRC) to get his response to the attack and some information on what happens next.

[ SEE: Ten little things to secure your online presence ]

ALSO SEE:
  • Pwn2Own 2012: Google Chrome browser sandbox first to fall
  • CanSecWest Pwnium: Google Chrome hacked with sandbox bypass
  • Charlie Miller skipping Pwn2Own as new rules change hacking game
  • CanSecWest Pwn2Own hacker challenge gets a $105,000 makeover
  • How Google set a trap for Pwn2Own exploit team
  • Researchers hack into newest Firefox with zero-day flaw

    • Topics: Security, Browser, Google, Microsoft

    Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

    Talkback

    11 comments
    Log in or register to join the discussion

    • This is so 30 seconds ago.

      nt
      Dietrich T. Schmitz *Your
      Reply Vote

    • google published an udpate the next day = poor testing

      One point to note here is that google published an udpate the next day, which brings into question their testing process and worrying for any business who uses google software. How did google make sure that nothing breaks because of the update without proper testing??? This is a perfect example that all their software are beta and not suited for business.
      owllnet
      Reply Vote

      • Microsoft responds to Pwn2Own IE hack

        @owllnet
        CanSecWest Pwn2Own challenge that saw a successful exploit of two zero-day vulnerabilities in the Internet Explorer 9 browser.

        Internet Explorer flaws went undetected for a very long time. ???This goes all the way back to IE 6. It will work on IE 6 all the way to IE 10 on Windows 8,??? Bekrar said. (VUPEN co-founder)

        Poor testing?
        daikon
        Reply Vote

        • not a logical argument.

          Sotware will always have bugs, rushing out a patch without proper testing is not very assuring for business...
          owllnet
          Reply Vote

        • The article is not about Google

          @owllnet
          You are trying to redirect the article with an off topic comment.
          daikon
          Reply Vote

        • Errr......

          More likely a bug that no one noticed. Sh?t happens.

          @daikon: Why is what owllnet said off topic?
          Gisabun
          Reply Vote

        • It they went undetected for a long time

          If they went undetected for a long time, isn't that proof that the vulnerability was not particularly urgent?

          Let's get serious here, it is not possible to do so much testing that you detect every possible flaw...

          Let's imagine an alternative world where everyone does as much 'testing' as you seem to think is necessary before releasing a product...

          'Microsoft announced today that it's new operating system, Windows 1.0 will be released soon 'no more than 5, maybe 10 more years of testing will be needed before this thing is ready' said the MS spokesman 'sure, 30 years of testing might seem excessive to some, but it is necessary to make sure we eliminate every conceivable flaw before we put out a product, that's only responsible'
          Doctor Demento
          Reply Vote

      • I suggest you read Google's explanation of how that attack succeeded

        It wasn't Chrome itself, but rather the Flash plug-in from Adobe that fell.

        Meanwhile, why aren't I hearing anything about OS X or Safari falling?
        Vulpinemac
        Reply Vote

      • Ya.

        Google doesn't do much testing if an update is out the day after. Now you know why each update of their browser corrects usually a dozen or so vulnerabilities in the previous version [see NIST newsletters]. This goes on and on like this.
        Gisabun
        Reply Vote

        • Maybe, but...

          Maybe Google knows their software better... Better design, better control, better product!
          Johan Safari
          Reply Vote

    • Was this posted for a reason?

      Is there a lot of interest in what happens next, or is there a lot of confusion about the vagaries of software development and patching witchcraft?
      QAonCall
      Reply Vote
    CNET Join | Log In | Privacy | Cookies Close