Hacker Newsnew | past | comments | ask | show | jobs | submit | sswam's commentslogin

they do protect the Government...


Let's say that, like most everyone else in the world, they already know how to break firefox and internet explorer, etc. They don't want to spy on your net, they want to steal your files.


s/ those who are willing to pay / those (ONLY) who asked for and funded research into such a hack /


The Govt in question is obviously the US Govt. They want to know how to break Chrome, and every other net-facing app, so that they can hack your computer and spy on you, whoever you might be. Did you know, the CIA does do espionage?


Yeah, and no other governments do, especially not the french...


maybe Govt is envious because Google is already more powerful and capable and certainly better liked than it!


I thought Pwn2own didn't even try to?


they did say "exclusive"


so google can fix it for 99% cases with ulimit or similar windows thing. problem solved


No, Google can fix by not letting programs downloaded from the Internet write to arbitrary memory locations.

Actually, you can fix it, too: chromium is open source.


Actually, you can fix it, too: chromium is open source.

Good to see this tired claim getting its play in this thread. I wondered how long it would be until it showed up. I think everyone who says "go fix it, it's open-source" should instead be required to come back with a diff within 24 hours.


People are quick to demand bug fixes or better security, but they never seem interested in actually doing the work.

I don't use Chrome or Windows, so I have almost negative personal interest in this story. However, some people probably do use Chrome and Windows, and those people's demands should be tempered by reality. If they didn't find this bug, why did they expect Google to?

I think everyone who says "go fix it, it's open-source" should instead be required to come back with a diff within 24 hours.

I think everyone should be required to give me a pony.


The person you replied to did not demand anything but instead theorized about a way to fix it.

I love how you assert that literally anybody could check out Chromium and fix the sandbox, a sensitive security-essential part of the browser, with very little effort required to appreciate the source and all of the moving parts.


I love how you assert that literally everybody is too dumb to understand computer programs that they use.


Not dumb, there's just a lot of skills assumed to work on the security components of a modern Web browser. I would never claim that I could turn around and fix this bug as an outside developer. Words in my mouth.


In my opinion, this is one step away from sacrificing a virgin to make it rain. We should control our own software destiny and not just hope other people will do it for us.


http://ycombinator.com/newsguidelines.html


Please avoid introducing classic flamewar topics unless you have something genuinely new to say about them.


I can fix it right now. Delete the flash player - problem solved. Chrome still works.


There's absolutely no evidence that this has anything to do with Flash. In fact, even if it was via Flash, there would still have to be another vulnerability to escape the Chrome sandbox, which could very likely be exploited via other means.


I don't see how Flash can be the culprit or solution considering it is sandboxed. Chrome must contain a massive exploit.


I thought the point was that they broke the sandboxing.


Sadly, one aspect of security is psychological acceptability. If nobody will do the secure thing, it's not secure.


one is not obliged to prove innocence in a sensible court of law


At least in the US, civil court cases do not have the presumption of innocence, only criminal cases do.


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: