Barney's Blog

Blog archive

Hackers Crack IE 8 in Two Minutes Flat

At a recent hacker event, it only took two minutes to break through IE 8's defenses. Rather than get defensive or ignore the event, Microsoft addressed the issues head-on, arguing that if you really want to secure your browser, you need a defense-in-depth approach, battening down all your computing hatches.

Part of those defenses, Microsoft argues, includes moving to more secure operating systems such as Windows 7 or Vista.

I'm a little disappointed that IE was cracked so fast, but I'm sure the hackers had time to prepare their attacks so the two minutes was the execution, and not the planning. On the other hand, I like Microsoft's forthright attitude here. I think it takes a fair amount of guts to come clean like this.

Am I giving Microsoft too much credit or not enough? Tell it to me straight at dbarney@redmondmag.com.

Posted by Doug Barney on 03/31/2010 at 12:50 PM


comments powered by Disqus

Reader Comments:

Thu, Apr 1, 2010 Kenton Clark

As long as there are dishonest people out there no amount of code will stop them. If you keep beating the supplier he will not produce anything. Look at what happened to IBM back in the 70's.

Thu, Apr 1, 2010 Dallas

I thnk they reaacted the way they are supposed to.

Thu, Apr 1, 2010 Tom

Please disregard my prior comment, apparently I need to learn to read the full article. I apologize for the tone.

Thu, Apr 1, 2010 Tom

Factually incorrect article. The browser was not cracked in 2 minutes flat. The attacker performed all of his research and developed the exploit outside of the contest. The execution of the pre-built attack that he walked into the contest with took 2 minutes. Not to detract from his skill, but lets not overstate the situation.

Thu, Apr 1, 2010 cbcalvin

No version of Windows (tm) is safe for use at home if connected to the internet. When you have extra infrastructure, as in a corporate invironment, Windows might be safe.

Thu, Apr 1, 2010 Jacob Lavender

I think the truth is MS should be a little more aggressive in attempting to address this type of issue prior to major release. Not until after Vista did MS realize it had failed miserably in taking the recommendations of thousands of other highly skilled individuals and implement it into their software, as we saw a little more of in Win7. However, IE8 is still pretty new, and while I'm sure that "battening down all hatches" and moving to a secure platform would be nice, in some cases its simply not realistic. Lets all just disconnect the WAN cables and go offline. We'll all be pretty secure then. Seriously, if IE8 can't stand up a little better, maybe it's time to move on. I know I have, mainly due to the fact that I have been anything but impressed by IE7 and IE8.

Wed, Mar 31, 2010 Mark Hacking IE8 in 2 minutes

Oooooo they hacked a browser running on an 8 year old OS. Were they running as Administrator on XP as well? Try it as a Standard User on Win7 and let me know if the results are the same.

Add Your Comment Now:

Your Name:(optional)
Your Email:(optional)
Your Location:(optional)
Comment:
Please type the letters/numbers you see above