Pwn2Own - A Hacking Competition

During the first day of the Pwn2Own competition at the CanSecWest conference in Vancouver, latest versions of all major browsers (Chrome, Firefox and Internet Explorer 10 on Windows 8) were exploited by hackers. IE10 running on a Windows 8 powered Surface Pro tablet exploited a pair of flaws fetching $100k in prize money. Most of the exploits worked by making the user visit a malicious web page to allow the attacker to have code execution, along with using a kernel vulnerability in the underlying operating system in order to gain elevated privileges. Java is now the typical favorite in these competitions as numerous new vulnerabilities can be dug up.

Takeaway: Vulnerabilities and exploits for application software, operating systems, databases, etc. will always be present and growing. The challenge is on the system administrators to keep them patched and the security teams to make sure they are secure enough till the patching is complete against future zero-day exploits.