Firefox, IE8, Safari and iPhone overcome on day one of Pwn2Own
Only Google Chrome was left standing at the Pwn2Own 2010 hacking contest this week, the annual contest organized and sponsored by security company TippingPoint.
Independent researcher Peter Vreugdenhil used a heap overflow attack on Internet Explorer 8 (IE8) and successfully overcame the Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) features built into the Windows OS. Another researcher also bypassed DEP and ASLR to compromise Firefox.
HD Moore, creator of Metasploit and chief security officer for Rapid7, thinks that overcoming DEP and ASLR defenses reflects a trend: "On one hand, the skill required to develop reliable browser exploits is increasing, but new techniques, such as the memory leak used in this exploit, prove that OS-level exploit mitigations are still no excuse for writing vulnerable code." You can read more about ASLR and DEP here, where we reported on proof-of-concept code released by a Google security software engineer.
Charlie Miller, an analyst at Baltimore-based Independent Security Evaluators, brought down Safari running on a MacBook Pro running Snow Leopard--for the third year in a row. If anything, this proves that the Mac platform is not necessarily more secure than the Windows operating system.
Probably the most interesting would be the two-man team of Vincenzo Iozzo and Ralf-Philipp Weinmann, who successfully exploited the iPhone. The iPhone exploit is all the more impressive because the platform's protected nature limits the running of code to signed executables.
Only Google Chrome was left standing after the first day. Contest rules require that the exploit work on the latest stable release of the browsers, without making use of any third-party plug-ins or extensions.
So what lessons can we learn from Pwn2Own on the changing facade of security? I share my thoughts in today's editor's corner.
For more on this story:
- check out this article at Computerworld
- check out this article at Dark Reading