etween two winning contestants, they were able to compromise Safari (twice), IE8, and Firefox.
Charlie Miller got the luck of the draw, and had the first time slot for the browser competition. His target- Safari on Mac OS X. Before I could even pull my camera out, it was over within 2 minutes- and Charlie (coincidentally also last year's first winner of the day) is now the proud owner of yet another MacBook, and $5,000 from the Zero Day Initiative.
Next up, Nils. Just Nils- you know, like “Prince” or “Madonna”. With a little tweaking, he ran a sleek exploit against IE8, defying Microsoft’s latest built in protection technologies- DEP (Data Execution Prevention) as well as ASLR (Address Space Layout Randomization) to take home the Sony Vaio and $5,000 from ZDI.
If that wasn’t enough, Nils pulled a Safari exploit out of his hat (perhaps the same one used for the drawing?) and wowed us a second time- quickly taking down Apple’s browser for another cool $5,000. As a reminder, even though a browser may have been exploited once, anyone else is free to use a different zero-day exploit in order to cash in again.
We were ready to call it a day, but Nils signed up for another time slot, and took a shot at Mozilla Firefox. Lo and behold, another zero-day exploit of his was able to crack Firefox. At this point, I had to pull out my calculator, and tally up another $5,000 ($15K total for Nils today!).
http://dvlabs.tippingpoint.com/blog...-firefox-taken-down-by-four-zero-day-exploits
