Pwn2Miss the point.
There’s been a lot of coverage on the Pwn2Own event, in which various browsers are hacked in seemingly under 3 seconds.
My friend Ken had a really excellent analogy.
“that would be like saying someone ran the new york marathon in 12 hours, implying anyone can do it that quickly. But forgetting the years of training it would take to build up that endurance. ”
The media never assumes that someone just wanders up to the starting line on a whim and cranks out a record time. So why is it always misreported that it took these researchers cracked a browser in so many seconds? They didn’t hack the browser in 3 seconds, the 3 seconds was the time it took to execute the script they spent the previous year creating. =P
1 Comment to Pwn2Miss the point.
Leave a Reply
What I'm Doing...
- Loving this dreary weather. =) 1 week ago
- Still wondering why it is all of my pipes suddenly need to be ripped out...bbl, tearing up apartment. @Bent_Tree 3 weeks ago
- @EmilyHaHa Tripod or other stabilizer, tell them to smile and open their eyes "on three", dial back the flash. =) in reply to EmilyHaHa 2010-08-04
- Laura just booted up Dragon Quest VI....in the original Japanese...I had no idea she was so hardcore...=) 2010-07-16
- I was about to comment to Laura about how pretty the crickets and cicadas sounded outside, until I realized it was my external HDD copying. 2010-07-16
- More updates...
Powered by Twitter Tools
Well I think the point is that such a script exists, and is still a viable attack vector even on those brand new shiny consumer toys. The threat isn’t real until any random script kiddie can execute remote code on your system. That’s the meaning of the demonstration that I pull from it all.