Hacker News new | past | comments | ask | show | jobs | submit login
At hacking contest, Google Chrome falls to third zero-day attack (arstechnica.com)
90 points by deedub on March 10, 2012 | hide | past | favorite | 16 comments



It seems the $1 million in awards actually worked. Last time around Pwn2Own hackers didn't even bother to try and hack Chrome.


Not sure. The "undefeated for 2 years" badge also meant that whoever did it first had serious boasting rights. Might end up being worth more than the 60k prize.

Saying the prize is 1M (it isn't!) is just eating the marketing.


Wired has a bit of additional coverage:

http://www.wired.com/threatlevel/2012/03/zero-days-for-chrom...


Though I find these contests very interesting, I can only wish that as much resources was spent to develop a viable alternative to C++ that would make many of those vulnerabilities impossible. Languages like Rust, ATS and BitC come to mind.


Google is developing Go ( http://golang.org ) and the first 'stable' release (aka "Go 1") should be out any day now.

Of course from having a new language to building a whole web browser with it will take some time.


Go is not suitable for developing a performant web browser engine. The GC alone ensures that.


> viable alternative to C++ that would make many of those vulnerabilities impossible

Could you explain this a bit more? Is there a vulnerability which is specifically due to a C++ quirk?


Many of these exploits use buffer overflows, use-after-free, etc. They're specific to manual memory management.


gnuvince may be referring to C++'s lack of automatic bounds checking, which can contribute to exploits via buffer overflows. (But I am neither a security researcher nor a particularly competent C++ programmer, so I may just be completely off-base!)


Previous discussion (which is worth reading): http://news.ycombinator.com/item?id=3677152


That pink pony has a striking similarity to another: http://www.djangopony.com/


Only in that they're both pink and ponies, TFA's pink pony comes from the MLP:FiM show[0] whereas Django's pony mascot comes from "... and a Pony"[1]

[0] http://en.wikipedia.org/wiki/My_Little_Pony:_Friendship_is_M...

[1] http://www.codinghorror.com/blog/2006/01/and-a-pony.html (it's older than that, but that's a good enough resource)


Oh dear, how embarrassing. I really should have done more research on pink ponies before making a comment. Lesson learned!


Indeed, modern pink-ponydom is a minefield, it's not to be treaded lightly.


Not quite. http://moongazeponies.deviantart.com/art/Pinkie-Pie-the-Hack... appears to be the original.


Breaking walls is what Pinkie Pie does, though.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: