1 comment

[ 5.5 ms ] story [ 16.7 ms ] thread
Every year we see whatever operating systems, browsers, and devices get hacked at Pwn2Own, and it seems like the initial attack vector is always the same: get the user to navigate to a maliciously-crafted website, open a maliciously-crafted PDF, or read a maliciously-crafted email.

While technical safeguards against the subsequent attack paths (e.g. buffer overflows, broken SSL implementations, etc) is absolutely necessary, it seems like securing these paths is a cat-and-mouse game for technology vendors. They are consistently forced to react to flaws found by the security community and hackers.

Maybe there needs to be a larger push in the industry to "shore up the front gates", as it were. Things like user education, content-authenticity verification technologies, sand-boxes for interacting with remote (or received) content, etc.