Firefox not featured in Security contest (Pwn2Own) what's your opinion?
Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
The sponsors said that it's not worth paying hackers to find vulnerabilities in Firefox because it's too easy. They focused instead on the other browsers at this event.
I always knew Chrome was more bleeding edge in security but the anarchist in me hates Google's telemetry spying. There is ungoogle-chromium for Debian and Inox patches for Arch.
Replacing Chrome with another code blob off some github page seems even more stupid though.
They mentioned that all that was done on Windows/OSX. I suppose there's no fun trying that on a Linux box. (Even if you got down to the system you wouldn't get root access).
I assume that both Microsoft and Apple put quite some money into hardening their system's browsers as they may have a reputation to loose. (Well, Microsoft not that much, really.)
As with most hacks, a combination of program and OS level tricks are being used with ease. This has been an annual event and never seems to improve the users security. Just ends up being a new hole next year for profit.
I have only said that you have no reasonable expectation that your data will be secure when connected to the internet.
Web-based exploits these days have little regard to host OS. Sometimes if you take security too seriously, you would not want to use computer and connect to the 'net.
The sponsors said that it's not worth paying hackers to find vulnerabilities in Firefox because it's too easy.
Where do they say that? I read the venturebeat article you linked to and I find no mention. I'd be curious to see the statement in context, and to know who said it.
Where do they say that? I read the venturebeat article you linked to and I find no mention. I'd be curious to see the statement in context, and to know who said it.
It seems odd that Firefox was excluded; people do use Firefox, so why not put it to the same test as the other major browsers? If they truly believe that it's "too easy" (which is not, by the way, what pwn2own said, the quote that I could find states "We wanted to focus on the browsers that have made serious security improvements in the last year" [Gorenc], which is NOT saying "firefox is too easy") then don't award a grand prize for pwning it; make it a requirement that you first pwn firefox before you can start your attacks on the "better" ones.
Obviously, the event is a competitive event, not a scientific study.
Also, the internet is reporting about this as badly as the internet reports on everything else. Muddled, poorly cited, poorly quoted, no context. But I digress.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.