Posted on 03/07/2009 3:51:48 PM PST by Halfmanhalfamazing
Apple Inc.'s Safari is the juiciest target in the upcoming PWN2OWN hacking contest, last year's winner predicted today.
"It's an easy target," said Charlie Miller, the vulnerability researcher who last year walked off with a $10,000 cash prize for breaking into an Apple laptop just a few minutes into the contest. PWN2OWN is slated for its third appearance at the CanSecWest security conference later this month in Vancouver, British Columbia.
"It might be because I'm biased about the things I'm good at, but it's the easiest browser [to hack]," Miller said.
PWN2OWN's sponsor, 3Com Inc.'s TippingPoint unit, will pay $5,000 for each new bug successfully exploited in Safari, Microsoft Corp.'s Internet Explorer 8, Mozilla Corp.'s Firefox or Google Inc.'s Chrome. IE8, Firefox and Chrome will be running on a Sony notebook powered by Windows 7, Microsoft's still-under-construction operating system, while Safari and Firefox will be available on a MacBook.
"Apple's products are really friendly to users, and Safari is designed to handle anything, including all kinds of file formats," said Miller. "With a lot of functionality comes the increased chance of bugs. The more complex software is, the less secure it is."
(Excerpt) Read more at computerworld.com ...
And I don't recall if it was this event, or the one the previous year, where the person that "won" had to have physical access to the machine.
Well, I'm not an Apple owner, but I certainly hope this guy fails. I want all hackers to fail (envisioning very long chain gang and rock breaking sentences for hackers).
LOL If you can build a PC to my specs I will pay you $1,200 each for all the PCs you can build : )
And how much longer will those automatic updates be coming out with XP support officially dropped by MS now? I guess the choices are still a buggy Vista, or the brand-spanking-new Windows 7 shortly... Yeah - MS's record with introduced OS is really great (sarcasm intended). Windows 7 might be the best MS has ever produced, after the SP1 version is released - but until then, it is basically beta for the mass audiences.
And it sure is "funny" (again, sarcasm intended) how this thread fired right up as a full-frontal assault on Apple.
I am, as is quite obvious, an Apple fan. But I have never, EVER tried to hide any faults in Apple. Steve Jobs is a liberal - but no more so than Bill and his Microsoft bunch. But Apple hardware, despite what so many on threads like this would like to deny (I think because PC/Windows keep those builders and technicians in a job), is generally some of the best made factory hardware available. Apple hardware still benchmarks WINDOWS better than the closest comparable PC hardware from any of the big makers.
Has Apple ever made a mistake - certainly - and some that were fairly public and ugly. But overall, Apple quality is not met by other market vendors. Customer satisfaction, year after year, rates Apple at the top - and this isn't just "Apple Fan Boys" rating their experience.
Some of you guys who "roll your own" - I am happy for you. I have put together a few PCs myself. The "ability" to do that just doesn't impress me. I for one like to buy a piece of hardware, plug it in, and have it work as it is supposed to.
I learned a windows lesson the hard way just in the last week. My work laptop (I had no choice - it was purchased before I came here) - an HP Pavilion that is less than a year old - started acting odd, freezing/hanging, etc. All anti-virus current (Hmmmm... haven't yet had a need for that on any of my Apple products...), AdAware, SpamBot, etc. all functioning... found it to be a hardware issue.
Ok, call HP - laptop still under warranty. Sending me a new hard drive. Ok. Well, what about restore discs? Supposed to make those from my hard drive? Huh?
Sure enough, I dig up the packet that came with the laptop - and there is a picture of a disc with instructions how to make a restore disc... So - I tell HP on phone - and he promises to send a set of discs with my drive.
Fast forward 24 hours. I have purchased two external hard drives. One for my machine at home (to use TimeMachine as automatic backup solution) and one for the work laptop. Drive is formatted NTFS - so should be ready to go connected by USB 2. Wrong. The PC, running the most up-to-date Vista could not recognize it as a usable drive. After calling a friend - I found that this isn't unusual, and that I need to reformat (same file system) using Vista management.... ok... Finally got it working. But why? The other drive - I brought it home, unpacked, plugged in power brick, plugged in USB cable - and it was immediately recognized and available for use. Oh - that was on my PowerMac... Again, just works.
And I am sure I will get personally attacked on my comment - which has become a norm on here for Apple users - even if we state a simple fact - it is sliced and diced - even if completely accurate by those who are every bit as rabidly anti-Apple as the most ardent Apple "fan boys"...
It all seemed pretty innocuous to me. Apple / Jobs love fests are really fun too.
Fun is everywhere.
Intel or AMD? What specs? Then again, you buy the parts and I will do it for $350 an hour. :-)
Previous year's. Last year's merely required that the contest referees navigate the browser to a prepared website and download and install a file. In addition, they do not tell people that Miller and his team of ex-NSA security experts worked for three weeks to develop their exploit of Safari and Java, in order to win last year's contest. It was not "compromised in under two minutes" as implied by the hype... that was just the time to implement the exploit after working for three weeks to develop it.
As part of his interview for this article Charlie Miller claims, and is quoted as saying, that OS X does not use ASLR (address space location randomization). That is actually false. OS X Leopard does indeed use ASLR. In addition, it uses Systrace Sandboxing to limit what an application can do. However, Safari is not, at this time, sandboxed and should be.
I spent five hours recently, getting a new Dell with Vista set up for a coworker. Could not ping out, no internet connection. Call Roadrunner, back and forth, back and forth, it’s a hardware problem, call Dell. Call Dell, go through at least four different tech support reps, none of whom had a firm grasp of English. Finally get a native English speaker, their best tech, and am told that the router is incompatible with Vista. Need a new router.
Five hours!
And this is a blast.
“I’ve built my last four PCs. Seems like my average cost comes in around $700”
Oh yeah, where do you get the parts?
Charlie Miller is not your average hacker. He is an ex-NSA computer security expert who has several other ex-NSA coworkers helping him. Just because HE will find a vulnerability does not mean that OS X, or Safari is weak, it means that an expert can find a way in retail but the wholesale exploitation of OS X is still extremely difficult.
It would not bother me much if he finds a vulnerability that he can exploit. That means that one more possible exploit vulnerability will soon be closed. That is the way that open source software advancement works.
I just built a Quad-core Q6600, Gigabyte MB, Nvidia GTX260 with 4 gig of performance memory for about 500 bucks through newegg. I have everything screaming over-clocked.
Gets Benchmark scores rivaling the top line PCs.
Used my old case, HDs and PSU.
If I had to buy that stuff also maybe 200 bucks more.
I just bought a back up (extra reserve) PC. Got a refurb IBM ThinkCentre 2.8 HT, Win XP Pro, CD on Ebay for $90. Added some extra memory I had sitting around. Nice system for the money.
The price was too good. I could not get close building one. I am going to throw in one of my old drives and put the Beta of win7 on it.
Strange thread, with the cultist, overpriced things being tossed about. Is there a cult where people call Macs and their users cultists and foolish with their money?
For Joe user like me, I bought an iMac and a MacBook, the iMac was a refurb and the MacBook I bought new from a guy on Craigslist for about 33% off retail brand new. Maxed out the memory for cheap on both.
For 2 plus years I have had ZERO issues, zero time spent fiddling, no anti-virus, no spam filters, etc. etc. etc. ad infinitum. I’ve never once gotten mad at my computers, had to call people to explain this and that to me, fix things, etc.
My computers have never gotten slower, they work the same as they did out of the box, like the blissful 2-3 weeks I used to get with expensive PCs.
I guess if you really know a lot about PCs you can save a few bucks maybe, build a really fast computer and IF you enjoy tinkering and bullet-proofing and keeping up with all the latest tricks of the PC trade a PC is for you.
For a computer dummy like me who just wants to do his work and have fun on the computer and has no interest in the inner workings that so many PC guys totally take for granted I feel like I STOLE these computers. They’re both Intel Core 2 Duo’s 2.16 and I bet they’ll be around for years to come, even when I get a new one just for the hell of it down the line.
My computers work as good or better as they did out of the box over 2 years later and I haven’t had to do or learn a damn thing, that’s worth something to me, quite a bit actually.
Well put.
I have an old iBook G4. A good computer with no problems.
I recently upgraded to a MacBook for work at home reasons. I bought Win XP and partitioned the drive. Installed WinXP so I can do my work stuff. This computer rocks!
I still have the iBook G4 in the other room. It still rocks.
I also have an older Windows laptop that kept crashing. So I, as computer illiterate as I am, am installing Linux on it so it can be useful again.
Mac stuff works.
Now, build that computer into the back of a 20" LCD screen, complete with Firewire 800, BlueTooth, WIFI, and Gigabit Ethernet...and make it completely silent in operation. What does it cost to make now? ;^)>
What happens when the warranty ends and the screen craps out?
And how long have you actually used a modern Mac OS X to be sufficiently experienced to be qualified to hold that opinion?
Intel of course. Top of the line Mac Pro specs with 2 terabyte drives and let's say 16 gigs of ram. It should be a piece of cake for you : )
I will let you make all the profit you can from the $1,200 : )
Why I use FIREFOX with my Macs. Safari has a lot of bugs.