Pwn2Miss the point.
There’s been a lot of coverage on the Pwn2Own event, in which various browsers are hacked in seemingly under 3 seconds.
My friend Ken had a really excellent analogy.
“That would be like saying someone ran the New York marathon in 12 hours, implying anyone can do it that quickly. But forgetting the years of training it would take to build up that endurance.”
The media never assumes that someone just wanders up to the starting line on a whim and cranks out a record time. So why is it always misreported that these researchers cracked a browser in so many seconds? They didn’t hack the browser in 3 seconds; the 3 seconds was the time it took to execute the script they spent the previous year creating. =P
1 Comment to Pwn2Miss the point.
Well I think the point is that such a script exists, and is still a viable attack vector even on those brand new shiny consumer toys. The threat isn’t real until any random script kiddie can execute remote code on your system. That’s the meaning of the demonstration that I pull from it all.