At a security conference yesterday in Vancouver, a hacker exploited a security hole in Microsoft’s new Internet Explorer 8 in under two hours, taking control of a Sony laptop running an internal build of Windows 7. IE8 was launched earlier in the day amidst claims of superior security from Microsoft.
The hacker, a 25-year-old German researcher going by the handle “Nils,” won $5,000 and the Sony laptop on which he performed the hack in the annual contest PWN2OWN, that invites hackers to worm their way into popular browsers and operating systems for prize money.
In a recent security audit by a third-party firm, IE8 was substantially more effective at intercepting malware than Safari, Firefox, and the previous version of Internet Explorer. Immediately after completing his hack, “Nils” signed a non-disclosure agreement and exposed the flaw to Microsoft engineers. The researcher also found and exploited flaws in Safari and Firefox, so IE8 was no worse off than its peers. Engineers from each of the companies will develop patches to ameliorate the flaws that PWN2OWN hackers find.
(The second day of the PWN2OWN contest focuses on hacking mobile platforms; no winner prevailed. Today’s contest will focus on Google’s Chrome browser and the continuation of the mobile platform hack.)
Only Microsoft could fall back on a claim like the latter–with Internet Explorer boasting a 72% marketshare, according to a Janco Associates survey, the browser’s improvements are necessarily important to three-quarters of the Web surfers on earth. But while its security cred will gain it plenty of mileage against its upstart competitors, IE8’s slowness might cause it to lose favor amongst capricious Internet users who can fire up any browser for free. After all, feeling the added protection of a better browser can wear off quickly as one waits for the homepage to putter along and load. By focusing on security out of necessity, Microsoft may have lost valuable ground in the speed races that grab users’ attention. That might end up making IE8 the losingest Internet Exploer yet, despite its vast improvements.