Microsoft Windows 7 provides two major protections against hackers, and those are DEP (data execution prevention) and ASLR (address space layout randomization).  Unfortunately, at a hacking contest known as Pwn2Own, two researchers were successfully bypassed those protections that Windows 7 has been so proud of.  Thanks to IE8, the hack was able to allow one of the researchers took control of the Windows 7 machine.  Another researcher was able to use another type of exploit to hack Mozilla’s Firefox 3.6 to bypass the same protections that Windows 7 has provided, and the result was clear that a Windows 7 machine was compromised.

No worry though, the peoples from Microsoft and Mozilla were there and witnessed the contest, and these peoples were definitely brought back of what they knew about the exploitations so theirs experts could work on to patch up the exploits.  The contest wasn’t released any critical information of which to allow other hackers to simulate or carry out the same attacks.  Still, the genie is already out of the bottle!  Hackers who have thought about bypassing the DEP and ASLR were tough and a waste of time would have to rethink as the researchers at the contest were able to bypass the protections with little less or more than 2 minutes.  This is bad news for the rest of us who are using Windows 7 and IE8 and Mozilla’s Firefox 3.6, because the known exploits although not yet made known to the hackers aren’t yet patched.  Hackers are bunch of smart and persistent humans, and so they probably are going to challenge themselves to see if they can replicate what the researchers had done at the Pwn2Own contest.  Let hope only the good hackers get some success and the bad won’t have a clue of how to bypass the Windows 7′s protections just yet.  (Good hackers are the white hackers who are working for security companies, and the bad hackers are the black hackers who also known as crackers since they’re cracking other people’s machines and software for profit and evil intentions.)

Folks who are now think that other browsers other than IE8 and Firefox 3.6 are safer to use may be right and may also be wrong!  Why?  Thanks to the elite contest such as Pwn2Own, Microsoft and Mozilla are now knowing about the exploits and have proceeded to patch up the exploits, and for this reason the two browsers are somewhat relatively safer than before.  Other browsers are safe because those weren’t the tested pigs that the researchers had dealt with.  Safety through obscurity is weak in my opinion.  Still, it’s a quick and a dirty patch for the paranoid computer users who want to stay relatively safe on the web by switching to other browsers until IE8 and Firefox 3.6 update with new patches.  In my opinion, IE8 and Firefox 3.6 are somewhat safer in the long run, because these two browsers are more targeted since these browsers have the largest browser’s user share.  If you’re still not clear in what I mean, here is another way to skin a cat.  Browsers that are more targeted have been patching up more; browsers that are less targeted have not yet been exploited as much therefore less safer since more unknown exploits are still lurking around and needing to be patch up.  Source.