A handful of hackers will leave CanSecWest's security show a little richer than when they arrived after participating in the annual Pwn2Own contest. Charlie Miller, for example, won $10,000 for hacking Safari on a MacBook Pro without having physical access to the rig. You may recall that Miller, a principal security analyst at Independent Security Evaluators, walked away with $5,000 last year for exploiting a hole in Safari, and $10,000 for hacking a MacBook Air in 2008.
Safari wasn't the only software to fall. Peter Vreugdenhil won $10,000 for hacking Microsoft's Internet Explorer 8 browser, while Nils, head of research at UK-based MWR InfoSecurity, collected the same amount for exploiting Firefox on Windows 7-64 bit (Nils declined to provide his last name).
Both Ralf Philip Weinmann and Vincenzo Iozzo will share a $15,000 prize for hacking Apple's iPhone. They did so with an exploit written two weeks ago designed to steal the contents of the SMS database.
"The payload executes and uploads the local SMS database of the phone to the server we control," Weinmann said.
The big news in browser development today is that Microsoft made a series of announcements surrounding its upcoming Internet Explorer 9 at MIX10. Chief among them is that the IE9 Platform Preview is now available for public consumption, but that's really just the tip of the iceberg.
"Internet Explorer 9 enabling GPU-accelerated HTML5 is a milestone for visual computing," said Drew Henry, general manager of GeForce and ION GPU business unit at Nvidia. "By harnessing the power of Nvidia GPUs, Internet Explorer 9 removes the glass ceiling for Web developers, enabling them to build graphically rich, high-performing Web applications."
As part of a regulatory requirement imposed by the European Union, Microsoft has implemented a browser ballot for European Windows users, and as expected, the ballot has given rise to alternative browsers.
According to Mozilla, more than 50,000 people had downloaded Firefox as a direct result of the choice screen Microsoft is forced to show.
"It's definitely being taken up, so consumers are paying attention and taking advantage of the choice being offered to them," said Thomas Vinje, legal counsel to the European Committee for Interoperable Systems, a lobbying group based in Brussels whose members include Opera.
While the initial results look promising for Firefox and other competitors, Microsoft said it's too early to draw a conclusion on whether the choice screen could lead to significant users ditching Internet Explorer.
There's been a lot of talk regarding Microsoft's upcoming browser ballot, but not a whole lot of concrete details, and no screenies. Until today. In a blog post, Microsoft's deputy counsel Dave Heiner outlined "what to expect" from its EU-mandated "Web browser choice screen."
"External testing of the choice screen will begin next week in three countries: the United Kingdom, Belgium, and France. Anyone in those countries who wishes to test it can download the browser choice screen software update from Windows Update. We plan to begin a phased roll-out of the update across Europe the week of March 1," Heiner wrote.
The browser choice screen will include a "list of leading browsers," including Google Chrome, Mozilla's Firefox, Apple's Safari, Opera Software's Opera, and of course Redmond's own Internet Explorer. These five browsers will be displayed in random order so as not to favor one over the other. Users will also have the option of scrolling to the right to view 7 more browsers, also laid out in random order.
It's long been believed that eventually Firefox would catch up with, and maybe even overtake, Microsoft's Internet Explorer browser as the most used browser on the planet. And while that's still possible, the race to knock IE down a peg could end up being a two-participant sprint between Firefox and a suddenly spunky Chrome browser.
In an uncharacteristic slide for Mozilla's open-source browser, Firefox dropped 0.20 percentage points from 24.61 percent to 24.41 percent between December 2009 and January 2010. Meanwhile, Chrome took a relatively big step forward to the tune of 0.57 percentage points, increasing its market share from 4.63 percent to 5.20 percent. Keep in mind we're talking about a single month here, folks.
Internet Explorer, meanwhile, continues to decrease its lead, having given up 0.51 percentage points to go from 62.69 percent down to 62.18 percent. IE stills holds a sizable lead, but continues to go in the wrong market share direction.
But for the first time in a long time, the overall focus isn't so much on IE versus everyone else, but the new battle that's shaping up between Firefox and Chrome. And this will only get more interesting with time now that Chrome has finally added extensions support, and has even tossed Greasemonkey scripts into the mix.
Those who think IE's time in the enterprise is numbered should think again, says a Devil Mountain Software researcher, who notes that more than 80 percent of the company's 22,000 PCs run Microsoft's browser during the workday.
"The idea that IE will go away is far fetched," said Craig Barth, CTO at Devil Mountain. "People who say those kinds of things simply don't have a grasp on the internal organization of enterprises, or the bureaucracy of companies. Until enterprises flush out the internal applications that rely on IE, that use unsupported and undocumented layout commands, IE sin't goin anywhere. And those dinosaur applications are almost impossible to get rid of."
Barth may have a point, but there's also no doubt there's been a major shift in the past several years. Some data suggests that IE has been steadily declining from its share high of 95 percent in 2004. According to Net Applications, IE has fallen some 4.5 points in the last 18 weeks of 2009 before hitting a new low of 63 percent.
Internet Explorer users who have yet to upgrade to IE8 should take note. According to security firm Symantec, there's a pretty nasty Zero Day exploit that affects both IE6 and IE7.
"The exploit currently exhibits signs of poor reliability, but we expect that a fully-functional reliable exploit will be available in the near future," Symantec explained in a blog post. "When this happens, attackers will have the abilty to insert the exploit in websites infecting potential visitors."
Out with the old and in with the new appears to be the theme for September. It doesn't even matter that Windows 7 hasn't been officially released yet, the Release Candidate has been solid enough for Vista users to leave their old OS behind and rock out with Microsoft's newest darling, according to market share data by web metrics firm Net Applications.
Vista's market share dipped by 0.18 percent in September, which isn't earth shattering, but it is the first time the OS has back tracked since January 2008. Windows 7, on the other hand, climbed 0.34 percent and now claims 1.52 percent of the market. Not bad for a pre-release OS.
On the browser front, Internet Explorer fared a little worse, losing 1.26 percent of its market share. The continued backwards slide has to be troubling for Microsoft, especially considering IE's market share set a new low of 65.7 percent. That's good news for Firefox and Chrome, whose market share jumped by 0.77 percent and 0.33 percent, respectively.
Turns out Microsoft isn't the only one concerned about Google's Chrome Frame, an extension which embeds Google's Chrome browser in Internet Explorer. Emerging as an unlikely supporter in Microsoft's corner, Mike Shaver, VP of Engineering for Mozilla, added his thoughts in a blog post.
"Running Chrome Frame within IE makes many of the browser application's features non-functional, or less effective," Shaver wrote. ""These include private browsing mode or their other security controls, features like accelerators or add-ons that operate on the content area, or even accessibility support."
Shaver when on to say that the users would be "seriously hindered" in understanding the web's security model and how their browser operates. A better solution, says Shaver, is if Frame-friendly sites explained to users that their site worked better in Chrome.
Firefox continues to chip away at Internet Explorer's market share, with Microsoft's browser posting its largest loss last month since November 2008.
Of course, we're still talking about small numbers overall. IE fell 1.1 percentage points to 66.6 percent in August, so it's in no immediate danger of yielding to Firefox, the main beneficiary who gained 0.8 percentage points to 23.3 percent. But the downward trend has to be cause for concern for Microsoft. In the past 12 months, IE has unwillingly given up 8.6 points of browser share.
On a positive note (for Microsoft), IE8 gained 2.7 percentage points in August, more than making up for IE6's 2.4 percentage loss, which is the biggest drop since December 2007. IE7 also took a step backwards, however, to the tune of 1.9 points.
While Firefox and IE duke it out for the top spot, Chrome is on pace to replace Safari as the No. 3 browser in 11 months. And if Google's aggressive campaign to promote Chrome pays off, we could be looking at a 3-way slug fest for the most used browser on the planet.