Microsoft’s Internet Explorer 10 browser (IE10) running on a Windows Surface Pro machine was successful hacked by teams at the Pwn2Own hacking contest, helping researchers rake in thousands of pounds in prize money.
Announcing their success on Twitter, a team known as Vupen Security managed to exploit security holes in the platform on a Windows 8 machine, the Surface Pro,
We've pwned MS Surface Pro with two IE10 zero-days to achieve a full Windows 8 compromise with sandbox bypass #Pwn2own— VUPEN Security (@VUPEN) March 7, 2013
The hack was confirmed by the organisation running the competition, helping Vupen walk away with a cool $100,000 for its hack.
@vupen just dropped IE10 and bypassed the sandbox on Windows 8 on the Surface Pro without crashing the browser!— Zero Day Initiative (@thezdi) March 6, 2013
The Vupen team also found exploits in Firefox 19, helping it rake in more cash to the tune of $60,000 The team confirmed it had passed on all the security flaws to the relevant companies.
ALL our 0days & techniques used at #Pwn2own have been reported to affected software vendors to allow them issue patches and protect users
— VUPEN Security (@VUPEN) March 7, 2013
Chief executive of Vupen, Chauoki Bekar, had told V3 earlier this year his team would be back to try and replicate their success in 2012.
Last year, Google withdrew its sponsorship offer for Pwn2Own, complaining that the competition rules would allow entrants to demonstrate hacks that defeated a browser's sandbox security feature, without having to share the full details of the exploit.
It set up its own rival hacking competition in response but was back as a key sponsor for the competition this time around.
But there are three times as many CDOs as there were in 2014
Companies never used to hold big launch events to announce minor upgrades, did they?
Only 35 per cent of IT decision makers regularly review their data formats
One-third of CIOs admit that their organisation has fallen victim to a security breach in the last two years
CIOs warn that companies are losing battle against cyber crime