CanSecWest is a Vancouver security conference which, among other things, holds a browser exploitation contest called Pwn2Own. If you can demonstrate arbitrary code execution against a fully-patched browser, you win cash and — if you’re the first victor — a computer.
Ten days ago, comrade Nils e-mailed to let me know he was going to be at the conference. I couldn’t make it myself, being stuck in Europe for the moment, but ever since that e-mail, I’ve been giggling like a schoolgirl about what I expected Nils would do at Pwn2Own.
What he wound up doing far exceeded my expectations. First, Nils scored against Safari on OS X. Then he scored again, hitting Internet Explorer 8 on Windows 7 (despite ASLR, DEP, and friends), snapping everyone’s head to attention. I was anticipating this might take place; the hardcore Sotirov/Dowd paper set the stage for it last year and Nils is smart enough to do it, yet the fact he pulled it off is still indisputably impressive. But the part no one saw coming: he asked for a third slot and scored against Firefox 3 on OS X, leaving Chrome the only browser to escape unscarred.
One man, two operating systems, three fallen browsers? I have no choice but to officially award comrade Nils the Ivan Krstić Seal of Mad Fucking Props.
And we now return to your regularly scheduled programming.
(Update, March 23rd: I originally believed he scored against Firefox on Windows, which turned out not to be the case. It was on OS X.)