Hacker Breaks Into Windows 7 Using IE 8 in 2 Minutes

Pwn2Own hacking contest exposed the vulnerability of latest software presented by Microsoft and Mozilla, where two researcher Peter Vreugdenhil from Netherlands and Nils from German bypassed a couple of defensive mechanism in present in Windows 7 by using its own code against it.

The security features exploited by hackers in the presence of representatives from both Microsoft and Mozilla organizations including DEP and ASLR. DEP stands for ‘data execution prevention’ while ASLR means ‘address space layout randomization’. On one hand DEP ensures preventing malicious code execution and promises reliable defense against buffer-overflow attacks while on other hand ASLR creates difficulties for hacker for predicting the exact location of their attacking code just by shuffling the memory areas prudently.

But both of these defensive measures were easily bypassed first by Peter and then by Nils. Peter fisrt explited the ASLR and DEP and only after 2 minutes he hacked IE 8 successfully. On the same event after an hour Nils also bypassed these defensive features by using Mozilla Firefox 3.6.

Aaron Portnoy, the organizer and sponsor of contest greatly impressed and appreciated the researches for doing these great jobs particularly the Peter’s exploitation of IE8. Aaron is also the team leader for security research with 3Com TippingPoint.

Both hackers got the handsome winning amount of $10,000 along with notebook they exploited and a paid trip to DefCon hacker’s conference going to be held in Los Vegas in coming July.

Charlie Miller, another hacking winner at the event said that bugs still exist in these softwares letting such hacker to exploit them easily particularly when such great winning amount is involved in hacking contests.

This hacking contest was a valuable alert for software companies exposing the flaws and loop holes in there creations. Jerry Bryant, a senior manager of Microsoft admitted the facts wholeheartedly and ensured that Microsoft will take concrete steps in this regard after completing its investigation and testing process.

Though Microsoft assured its users to investigate and fix the hacking problems and flaws in their software but if you are also using their software then you have to wait for certain time as it is not a case of one or two week. For Microsoft it takes about 30 to 60 days just for satisfactory testing process to complete.