When it comes to security in IT, not a week goes by without a major discovery. We look at several stories that have cropped up recently to reveal the ongoing challenges involved in protecting systems and data.

When it comes to security in IT, not a week goes by without a major discovery, whether it's the first sighting of a serious iPhone exploit or a new Captcha-conquering bot.

To illustrate this, I've decided to take a look at several stories that have cropped up.

Chrome, the last browser standing at Pwn2Own

Results of TippingPoint's CanSecWest hacking contest, Pwn2Own, once again demonstrated that building a perfectly secure internet browser is very difficult.

Even though Mozilla and Apple rushed out dozens of last-minute security patches before the big contest, Firefox, Safari and Internet Explorer 8 all quickly fell.

A Safari bug even led to the first serious documented iPhone 3G exploit.

The only browser left standing was Google's Chrome. Many observers attributed this success to Chrome's aggressive security model (which is truly impressive in many ways).

But that would ignore the fact that Chrome has had at least 18 documented vulnerabilities in the past three months alone - nearly one-third of which would enable a malicious hacker to compromise a system or bypass access controls.

Those 18 vulnerabilities in Chrome followed 16 others reported during the three prior months - 60 percent of which could lead to system compromise or security control bypass.

This is not to say that Google Chrome isn't a secure browser. It's just that all the popular browsers seem to have their imperfections over time.

Personally, I'd love to see the Opera browser invited to participate in the contest, especially because it has always been a major player in the smartphone space.

Malicious ads spawning from 'trusted' sites

Antimalware company Avast reported that the majority of malicious ads (those containing malware or malicious scripts) are propagated by some of the most popular and trusted services, such as Google and Yahoo.

These ad services provide advertising content to tens of thousands of sites, including the ones that most people consider to be legitimate, and unsuspecting visitors can easily end up infected.

This isn't surprising as I've been talking about malicious ads for over two years.

This is just one more bit of research that proves that most people are getting exploited by visiting legitimate websites.

Heck, a pay-for-view porn site may actually be one of the safer places to visit. Banner ad companies need to do a better job of policing their own services and content.
