Only one could be left standing, and in this case it was Google's star browser. The iPhone, Safari, Explorer and even the well-established Firefox fell without difficulty to the best hackers in the world, who meet every year in Canada to try to break the best-known systems of the moment and expose their security failures. However, they could not breach the fearsome sandbox that protects Chrome, the giant that withstood the attacks of the most skilled computer experts in the world.
The annual Pwn2Own contest at the CanSecWest security conference in Vancouver provides the ideal setting for the world's best IT security experts to take on devices and software of every kind. Each year they work to get around the security barriers that the systems under test try to put in their way, but very few make it to the end of the contest without a failure.
The first to fall was Apple's successful iPhone: Vincenzo Iozzo and Ralf Philipp Weinmann needed only 20 seconds to make a fool of the most popular device of the moment. The hackers simply had the iPhone (not jailbroken) visit a site they had developed beforehand, from which they copied the entire SMS database (including deleted messages) to their servers. They explained that despite Apple's efforts to prevent these gaps, "the way they implemented code signing is too lax." They won $15,000 for this spying demonstration, and as soon as Apple fixes the security issue, the details of the method will be shown.
Charlie Miller, Senior Security Manager at Independent Security Evaluators, managed to hack Safari on a MacBook Pro running Snow Leopard without physical access to it, earning $10,000. This old hand of the event manages to break an Apple device every year. He seems to have it in for the brand. It would not hurt the company to hire him to see whether, for once, they can put an end to the security problems in their products.
Independent security researcher Peter Vreugdenhil earned a similar amount for hacking Internet Explorer 8, which surprises no one after seeing, edition after edition, how it falls to the attacks of every expert who takes it on. To hack IE8, Vreugdenhil claimed to have used two vulnerabilities in a four-part attack that bypassed ASLR (Address Space Layout Randomization) and DEP (Data Execution Prevention), which are designed to help stop attacks on the browser. As in the other attempts, the system was compromised when the browser visited a site hosting malicious code. The flaw gave him rights on the computer, which he demonstrated by running the machine's calculator.
Firefox also had to bend the knee to the cunning of Nils, head of research at the UK's MWR InfoSecurity, who earned $10,000 for compromising the browser that keeps Microsoft in check. Nils said he exploited a memory corruption vulnerability and had to overcome ASLR and DEP because of the effort put into Mozilla's implementation.
And finally, the only one left standing was Chrome. So far it is the only browser that remains undefeated, something it had already achieved in the 2009 edition of this event, which takes place in Canada and seeks to alert users to the weaknesses of their programs. "There are bugs in Chrome, but they are very hard to exploit. They designed a 'sandbox' model, which is very hard to break," said Charlie Miller, the well-known hacker who in this edition managed to take control of Safari on a MacBook Pro.
Source: Neoteo, Segu-Info and ZDNET