That is how long it took for IE 8 to get hacked in the “Pwn2Own” contest at the CanSecWest security conference, held last week in Vancouver.
A hacking mainstay from Germany who goes by the nickname “Nils,” along with Peter Vreugdenhil, found ways to disable IE 8’s touted DEP (data execution prevention) and ASLR (address space layout randomization) protections, which are two of the most vaunted anti-exploit features in Windows Vista and Windows 7. Nils also was a big winner at last year’s Pwn2Own contest.
“Even though two minutes seems like a short time, delaying hacker success is part of the security goal”, says Paul Cooke, Microsoft Security Expert. Read the full story at RCPmag.