Serious security flaws uncovered in ethical hacking competition

The annual Pwn2Own ethical hacking competition got underway at the CanSecWest conference in Vancouver this week, and could be dubbed either a rousing success or a complete disaster, depending on which point of view you take.

According to an article published by ZDNet on March 7, on the first day of the competition participants were able to uncover vulnerabilities in all three of the most popular consumer web browsers available – Microsoft Internet Explorer 10, Google Chrome and Mozilla Firefox.

Java – which is already dealing with the ramifications of a number of high profile security flaws that have been discovered in recent months – was also cracked three times by participants.

However competitors were reportedly unsuccessful in cracking a number of other programs, including Adobe's Windows 7 Flash Player and the Safari web browser for Mac OS X Mountain Lion.

Ethical hacking competitions such as this have grown in popularity in recent years, and are now considered an excellent way for some of the world's top software companies to evaluate potential vulnerabilities in their developments.

For example, Google regularly runs 'Pwnium' competitions, in which ethical hackers are encouraged to hunt down vulnerabilities in the Google Chrome browser, so that these can be corrected before they are exploited by malicious parties.

In October of last year a hacker was awarded a bounty of $60,000 for identifying an exploit in Google Chrome during the Pwnium 2 competition at Hack in the Box 2012, which was held in Kuala Lumpur.

If your organisation is looking to improve vulnerability management and identify any potential exploits or backdoors in security protocols then it might be wise to consider undergoing an ethical hacking evaluation of your own.

By simulating a legitimate access attempt in a safe and secure manner, an ethical hacking evaluation can test for any and all potential exploits that might be exposing your organisation to the threat of a security breach incident.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s