That didn't take long. One day into the Pwn2Own hacking competition at CanSecWest and already Apple, Microsoft, and Mozilla have been sent packing to their respective labs to work on security issues in their browsers. In a repeat performance, Charlie Miller pocketed a $5,000 cash prize and a fully-patched MacBook by splitting it wide, and gaining full control of the device after a user clicked on his malicious link. Another white-hatter by the name Nils (pictured) toppled Internet Explorer 8 running on a Windows 7 laptop -- again, the five grand and compromised VAIO P laptop are now his to keep as compensation for turning over the malicious code. So much for "protection that no other browser can match," eh Mr. Ballmer? Nils then demonstrated a second Safari exploit before hacking Firefox later in the afternoon netting him a cool $15k by the close of day one. Only Google's Chrome was left unscathed -- Opera isn't part of the contest. This year's contest will also offer a $10,000 prize for every vulnerability successfully exploited in Windows Mobile, Android, Symbian, and the iPhone and BlackBerry OSes. In other words: this contest that runs through Friday isn't over by any stretch.

[Via ZDNET]

If you were thinking offline Gmail on your desktop was the greatest thing since sliced bread, prepare yourselves people. If an MWC keynote from Google's VP of engineering, Vic Gundotra, is any indication, the same functionality might be coming soon to an iPhone / Android phone near you. Amongst other things, the souped up web app boasts an overhauled interface, supports labels, and of course, offline access. Despite our own hunch that Google's just using black magic and voodoo to make this happen, Gundotra claims that it's all made possible through HTML5 standards -- AppCache being the biggie. This development certainly opens the doors to more offline-enabled web apps in the future -- Docs, anyone?. Of course, we know Apple has a thing about people messing with its own apps, so it's probably going to take some time / knee-breaking to get them to come around, but for some reason, we don't think it'll take as long with Android. There's a demo video available after the break, and please, try to contain yourselves.

Back in 2006 we were charmed by the classic looks and new-school tech offered by Leica's M8, and then again last year by its successor, the M8.2. Now the company has another update to woo us, confirmation of last year's rumor of an even more visually arresting version, the M8.2 Safari Special Edition. Its olive drab exterior makes it look like something you'd find slung around the neck of the Ernie Pyle's German WWII counterpart, an included waterproof bag means you can safely take this along for your next jungle adventure, and its 28mm f/2.8 ASPH lens should work well for capturing whatever you find out there -- big or small. Only 500 of these are set to be made, one of which can be yours for a typically excessive Leica price of $10,000.

[Via Impress]

We're going down our "things that absolutely must change on the iPhone" list, and yeah, "redo the Safari toolbar" isn't anywhere on there. Not even at the very bottom. Cupertino works in mysterious ways, though, and they've decided in firmware 2.2 that it's time to muck with the positioning of the text boxes so that the address bar and search bar both appear at all times without needing to first tap in the area. They've also moved the refresh button inside the address bar itself, which should truly revolutionize our browsing experience yet again. Apple, screw copy / paste -- we're officially stoked.

[Via Wired, thanks Konstantin]

Now that the BlackBerry Bold's made its official North American debut, there's a lot of talk about a video Mobile Computer did of the Bold getting blown away browsing head to head with an iPhone 3G over WiFi -- but there's a slight problem there: the Bold was actually using 3G and EDGE. Yeah, that's not a fair fight -- and given how flaky the iPhone 3G's data speeds can be, it actually reflects quite well on the Bold. Head to head on WiFi, the Bold does seem a tick slower, but we'll let you judge that for yourselves -- videos after the break.

Read - BGR browser vid
Read - Mobile Computer browser vid

A few dubious screens from Apple's upcoming OS X mini-update "Snow Leopard" popped up the other week, but now we're staring at a full-on collection of shots from the folks at German site Apfeltalk. They seem legit enough, but given the fact that Snow Leopard's improvements primary are under the hood, there's not a ton to see. Most interesting is a new Safari 4.0 feature to "Save as Web Application," which creates a Safari-lite, double-clickable application out of any webpage, similar to Firefox's Prism. Google Docs, anyone? Other features shown off in the screenshots include Exchange integration and Javascript benchmarks, but it's clear to see that Apple has perhaps a tiny bit more in store for Snow Leopard than what it's letting on.

[Thanks, John]

We now have official word from Samsung regarding the browser on its new Samsung L870 slider. You may recall that the Samsung-issued press release listed "Safari browser (full browsing)" as a feature. Now the clarification:

"Actually, L870 is equipped with S60 OSS browser, also known as S60 safari browser because both are using same webcore platform. Sorry again for the unclear specification, and bothering you with this."

Of course, the S60 browser has never been known, even informally, as the "S60 safari browser," but we'll let Samsung bang heads together internally over that one.

Yup, you read that right. We're not talking about just any Webkit-based browser, Samsung's long-rumored L870 slider features a full "Safari" browser (which we'll take to mean Webkit). The 13.5-mm thin phone pumps Symbian v9.3 and S60 3rd Edition Feature Pack 2 at its core with a 3 megapixel camera, 2.4-inch QVGA display, FM radio, Stereo Bluetooth, and microSD expansion. Unfortunately, this pup is tri-band GSM with single-band UMTS/HSDPA 3.6Mbps support so it'll be heading to Europe around the August time frame.

Update: As per the full press release (posted after the break), Samsung claimed that they'd brought mobile Safari to this device. Technically feasible, we suppose, but far more unlikely than some clueless PR flack screwing up the release. We'll let you know if Samsung HQ has anything differently to say about the matter, but until then we're calling this Webkit, not Safari.

Update 2: Yup, it's Webkit all right.

And just think -- last year you were singing Dino Dai Zovi's praises for taking control of a MacBook Pro in nine whole hours. This year, the PWN 2 OWN hacking competition at CanSecWest was over nearly as quickly as the second day started, as famed iPhone hacker Charlie Miller showed the MacBook Air on display who its father really was. Apparently Mr. Miller visited a website which contained his exploit code (presumably via a crossover cable connected to a nearby MacBook), which then "allowed him to seize control of the computer, as about 20 onlookers [read: unashamed nerds] cheered him on." Of note, contestants could only use software that came pre-loaded on the OS, so obviously it was Safari that fell victim here. Nevertheless, he was forced to sign a nondisclosure agreement that'll keep him quiet until "TippingPoint can notify the vendor," but at least he'll have $10,000 and a new laptop to cuddle with during his silent spell.

It's difficult to tell if this is just a little fear-mongering, or cause for real concern, but it looks like there's another iPhone / touch exploit out there lurking on the unseen horizons of those device's browsers. According to reports, a memory exploit -- similar to the previously-patched TIFF exploit -- has been discovered which affects units with firmware 1.0.2 all the way up to 1.1.3, thus carrying over to new 16GB iPhones and 32GB touches. Apparently, all you have to do is browse over to a site containing the malicious code, and it triggers a memory-exhausting script which causes the phone or iPod to crash. At this point, it doesn't appear to be anything more than a nuisance which can be easily circumvented by disabling JavaScript for Safari, though that hardly qualifies as a fix. To date, Apple hasn't issued a patch for the problem, but keep in mind it's only been a known issue since January 24th.

[Via iPhone World]

Devices supporting Vista's SideShow functionality aren't exactly flowing like water yet (seriously, when's the last time you saw someone sporting a W5Fe?), though that's not necessarily for a lack of interest. The functionality's plenty cool, it's just not really an overnight job getting enough manufacturers on board to support the concept and transform the consumer electronics landscape into a Vista-interfacing armada of small screens. If you had to boil it all down to exactly two things Microsoft could do to take SideShow from an ultra-niche market to ubiquity, though, let's be honest: they'd have to be to add Windows Mobile and iPhone support. Indeed, official WinMo support is a standing rumor, but in the meantime you can grab Ikanos Consulting's Go Gadgets beta, which supports installation and control of SideShow gadgets over pretty much any form of mobile connectivity you can throw at it. Turns out these guys have been hard at work making a general HTML renderer for gadgets, too, and have specialized it to look snappy on mobile Safari -- hence the iPhone and iPod touch support. This one isn't quite ready for public consumption yet, but if WinMo's how you roll, you can sign up for the beta now.

Read - SideShow on the iPhone
Read - Go Gadgets for Windows Mobile

Oops, researchers just unveiled a pretty serious security vulnerability in the iPhone. More specifically, it's Apple's Safari web browser which exhibits the vulnerability. Researchers at Independent Security Evaluators have used the vulnerability to take malicious control of the iPhone from rogue websites loaded with the exploit. Once in, researchers have full administrative access over the phone allowing them to listen in on room audio or snatch the SMS log, address book, call history, email passwords and more -- we're talking full access to your phone. Researchers note that the only way to stay safe is to check those URLs and only visit sites that you trust (which isn't very reassuring) and "may or may not be exploitable" from Mac and PC versions of Safari -- the same vulnerability exists only they haven't written the proof-of-concept exploit to test it yet. Apple has been notified of the vulnerability and a proposed fix with full public disclosure coming at the BlackHat conference on August 2nd. You listening InfoSec Sellout? That's how you report a bug. Check the exploit in video form after the break.

[Via MacRumors]