Insufficient data from Andrew Fryer

The place where I page to when my brain is full up of stuff about the Microsoft platform

Internet Explorer 8 on Vista and Windows 7

Internet Explorer 8 on Vista and Windows 7

  • Comments 2
  • Likes

Viral has just pinged me a write up of a hacking contest from the Washington Post (he is American after all) . The "Pwn2Own" contest at the CanSecWest security conference in Vancouver won by a 25 year German student called “Nils”.  He won $15,000 for exposing a vulnerability in IE8 beta.  This is good as this is what betas are there for and this was fixed the next day by Microsoft (as discussed here on the Microsoft Security Research & defence blog) and so the released version is that but more secure.

However browsers run on operating systems so what’s also interesting in this article is how the cross platform browser Firefox is more secure on Windows Vista / Windows 7 of their data execution prevention (DEP) and address space layout randomization (ASLR) capabilities.  XP has DEP from sp2 but  ASLR only came in with Vista and to quote  Nils “ASLR doesn't appear to be properly implemented between OS X and versions of Safari and Firefox built for that operating system”.

Finally it is only with IE8 that the browser can block the .NET DEP +ASLR bypass mechanism and so as Nels says in the article

"It's getting pretty hard to do a lot of this stuff on Windows Vista and Windows 7”  

  • PingBack from

  • I downloaded internet explorer onto this lovely little Windows XP black cased Eee pc and it is working really well. Browser security is great and my small screen is not protesting, in fact she likes it! (I mean my PC) That may sound weird but I treat all of my pc's as I do my female friend's ie. very well and all of my pc's also have female name's and they never let me down.

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment