From the discovery of the first serious iPhone 3G exploit to the sighting of a new Captcha-conquering bot, the past week has proven interesting in the world of IT security, so much so that I've decide to take a look at several of stories that have cropped up, rather than doing my regular deep-dive into a specific topic.
Chrome, the last browser standing at Pwn2Own
Results of TippingPoint's CanSecWest hacking contest, Pwn2Own, once again demonstrated that building a perfectly secure Internet browser is very difficult. Even though Firefox and Apple rushed out dozens of last-minute security patches before the big contest, Firefox, Safari, and Internet Explorer 8 all quickly fell. A Safari bug even led to the first serious documented iPhone 3G exploit.
[Microsoft is defending the security of Windows 7 after a poor showing at Pwn2Own. | InfoWorld's Roger Grimes explains how to stop data leaks in an enlightening 30-minute Webcast, Data Loss Prevention, which covers the tools and techniques used by experienced security pros. ]
The only browser left standing was Google's Chrome. Many observers attributed this success to Chrome's aggressive security model (which is truly impressive in many ways). But that would ignore the fact that Chrome has had at least 18 documented vulnerabilities in the past three months alone -- nearly one-third of which would enable a malicious hacker to compromise a system or bypass access controls. Those 18 vulnerabilities in Chrome followed 16 others reported during the three prior months -- 60 percent of which could lead to system compromise or security control bypass.
This is not to say that Google Chrome isn't a secure browser. It's just that all the popular browsers seem to have their imperfections over time. Personally, I'd love to see the Opera browser invited to participate in the contest, especially because it has always been a major player in the smartphone space.