Showing posts with label Safari. Show all posts

Thursday, July 9, 2009

Who's Winning the New Browser Wars?

Four Flickr Accounts, Four Different Browsers (Image by Sam Cornwell via Flickr)
Who's winning the new browser wars? We are. By "we," I mean consumers.

Just look at the stuff that has happened in the last couple of years. We've got a mature Safari, based on WebKit and the SquirrelFish engine, running just about as fast as any browser. Chrome is also based on WebKit but uses a completely new JavaScript engine named V8, and it blows the doors off of just about everything else. Firefox has hit 3.0 and now 3.5, with improved Gecko rendering and SpiderMonkey / TraceMonkey keeping the browser competitive and all the extensions keeping it attractive to large numbers of users. Even IE has bumped up a couple of versions to 7 then 8, and there's no reason to call it a pig, either. (Oops, I forgot Opera Unite!)

Just imagine what we would have had in 2004 if IE hadn't won the original browser wars and sat at version 6 and 95% of web traffic for five years.

Competition benefits the consumer.



Friday, March 20, 2009

How to Create a "Drive-by" Download for Ubuntu

Charlie Miller Hacking the Apple Air (Image by ggee via Flickr)

In "Pwn2Own trifecta: Hacker exploits IE8, Firefox, Safari," it's obvious that the browser situation is pretty bad. Mac with Safari fell first with the first contestant, but the contestant order was by luck of the draw, meaning that any of the exploited browsers (that's all of them, by the way) could have been first to go. Ubuntu never fell, but that's mostly because it wasn't in the competition. The P2O discussion gets a lot of people stating that Linux (generally Ubuntu) is too well designed to be pwned this way. I say rubbish.

While getting a straight "drive-by" download going for a Linux distro would be difficult, if you include a little social engineering, it becomes quite easy.

Necessary ingredients:
1) Functionality the user wants (e.g. porn viewing directly in Totem via a plugin)
2) A browser vuln giving you the ability to run a local command. Firefox has a few.
3) A distribution which uses gksudo to elevate permissions with a time-out policy. Ubuntu will work fine.

Process
1) Create a HowTo page or spam e-mail.
2) Ask the user to install software which is likely not installed -- totem-xine for example. If you use an apt: link, it will help. These are from the repos and are absolutely safe, and everyone knows it.
3) Break to second page (via link) with the browser exploit running gksudo and whatever command you need. It will not time out (using the gksudo token from the totem-xine install) and will elevate privileges automatically.
4) If your "Porn viewer" really works, you'll get plenty of traffic and plenty of bots. Make it really work.
5) Almost no one will ever know that they are owned because few run anti-virus or rootkit detection, and they didn't install anything outside of the repositories.

Not too difficult. Or you can take the more direct approach -- package your exploit in a .deb file with your porn viewer. The user downloads, double-clicks, and installs your malware.
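The scenario above only works while the elevation token cached by the legitimate install is still valid. As an added example (not part of the original post), this audit reads sudoers text and reports every scope where credentials stay cached; it assumes gksudo relies on sudo's `timestamp_timeout` cache, and the sample file and the 15-minute fallback are constructed assumptions.

```python
import re

# Assumption: when nothing sets the value, treat the window as 15 minutes
# (the value Ubuntu's sudo has commonly shipped with).
ASSUMED_DEFAULT_MINUTES = 15.0

DEFAULTS_RE = re.compile(r"^Defaults([:@>!]\S+)?\s+(.*)$")
TIMEOUT_RE = re.compile(r"timestamp_timeout\s*=\s*(-?\d+(?:\.\d+)?)")

# Constructed sample sudoers content, not taken from any real host.
SAMPLE_SUDOERS = """\
# /etc/sudoers (constructed sample)
Defaults env_reset
Defaults timestamp_timeout=15, !lecture   # cache credentials for 15 minutes
Defaults:backup timestamp_timeout=-1
%admin ALL=(ALL) ALL
"""

def timestamp_timeouts(sudoers_text):
    """Return {scope: minutes}; scope '' is the global Defaults, last setting wins."""
    found = {}
    for raw in sudoers_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        m = DEFAULTS_RE.match(line)
        if not m:
            continue
        scope = m.group(1) or ""                 # e.g. ':backup' for per-user Defaults
        for param in m.group(2).split(","):
            t = TIMEOUT_RE.fullmatch(param.strip())
            if t:
                found[scope] = float(t.group(1))
    return found

def audit(sudoers_text):
    """List (scope, minutes, finding) for every scope that caches credentials."""
    settings = timestamp_timeouts(sudoers_text)
    settings.setdefault("", ASSUMED_DEFAULT_MINUTES)
    findings = []
    for scope, minutes in sorted(settings.items()):
        if minutes < 0:
            findings.append((scope or "global", minutes, "ticket never expires"))
        elif minutes > 0:
            findings.append((scope or "global", minutes,
                             "cached: later elevation requests skip the prompt"))
    return findings

if __name__ == "__main__":
    for scope, minutes, finding in audit(SAMPLE_SUDOERS):
        print(f"{scope:8} timestamp_timeout={minutes:g}  {finding}")
```

Setting `Defaults timestamp_timeout=0` makes sudo prompt on every elevation, which produces an empty report here. The parser does not follow include directives or backslash line continuations, so run it over each file under `/etc/sudoers.d` as well.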

