Microsoft Confirms First Vulnerability in IE8; Mobile Contest a Flop So Far

Less than 12 hours after pre-release bits were exploited, Microsoft confirmed for TippingPoint's Digital Vaccine Laboratories that the IE8 vulnerability was genuine and works on the release bits too. Look for an advisory from Microsoft soon.

No word from Apple or Mozilla, whose browsers were also compromised. Safari had, in fact, been the first browser cracked and was successfully exploited within 2 minutes. A different contestant then came up with exploits for IE8 and Firefox. Chrome remains unattacked, but day 3 remains on Friday.

TippingPoint also says that there has barely been any interest in the mobile cracking contest, even though the reward is $10,000 per device and you get to keep the phone with a 1 year contract. The phones and platforms available to attack are:

* Blackberry(TBA)
* Android(Dev G1)
* iPhone(locked 2.0)
* Nokia/Symbian(N95-1)
* Windows Mobile (HTC Touch)

Today on day 3 the rules also get easier: Contestants can attack anything on the phone, can assume Bluetooth is on and one level of user interaction with the default applications.
Continue reading here....