Free Republic

Apple's Safari will fall first at hacker contest, past winner predicts
Computer World ^ | March 3rd | Gregg Keizer

Posted on 03/07/2009 3:51:48 PM PST by Halfmanhalfamazing

Apple Inc.'s Safari is the juiciest target in the upcoming PWN2OWN hacking contest, last year's winner predicted today.

"It's an easy target," said Charlie Miller, the vulnerability researcher who last year walked off with a $10,000 cash prize for breaking into an Apple laptop just a few minutes into the contest. PWN2OWN is slated for its third appearance at the CanSecWest security conference later this month in Vancouver, British Columbia.

"It might be because I'm biased about the things I'm good at, but it's the easiest browser [to hack]," Miller said.

PWN2OWN's sponsor, 3Com Inc.'s TippingPoint unit, will pay $5,000 for each new bug successfully exploited in Safari, Microsoft Corp.'s Internet Explorer 8, Mozilla Corp.'s Firefox or Google Inc.'s Chrome. IE8, Firefox and Chrome will be running on a Sony notebook powered by Windows 7, Microsoft's still-under-construction operating system, while Safari and Firefox will be available on a MacBook.

"Apple's products are really friendly to users, and Safari is designed to handle anything, including all kinds of file formats," said Miller. "With a lot of functionality comes the increased chance of bugs. The more complex software is, the less secure it is."

(Excerpt) Read more at computerworld.com ...


TOPICS: Computers/Internet
KEYWORDS: apple; baneriklatranyi; bestofiggle; ilovebillgates; iwanthim; iwanthimbad; microsoftfanboys; mssackcloth; safari; windohs; worstofiggle
To: TheBattman
Nice reporting... leaving out the fact that it was the 2nd day, after several layers of security (that is, by default, usually on) were taken down.

And I don't recall if it was this event, or the one the previous year, where the person that "won" had to have physical access to the machine.

Well, I'm not an Apple owner, but I certainly hope this guy fails. I want all hackers to fail (envisioning very long chain gang and rock breaking sentences for hackers).

41 posted on 03/07/2009 5:53:20 PM PST by Col Freeper (FR is a smorgasbord of Conservative thoughts and ideas - dig in and enjoy it to its fullest!)
[ To 35 ]

To: JSteff
I build all my own PC’s. Loaded rarely cost over $400 or $500 MAX. Most of the software is FREE because everyone writes for XP.

LOL If you can build a PC to my specs I will pay you $1,200 each for all the PC's you can build : )

42 posted on 03/07/2009 5:57:23 PM PST by LeGrande (I once heard a smart man say that you can't reason someone out of something that they didn't reaso)
[ To 27 ]

To: Question_Assumptions

And how much longer will those automatic updates be coming out with XP support officially dropped by MS now? I guess the choices are still a buggy Vista, or the brand-spanking-new Windows 7 shortly... Yeah - MS's record with introduced OS is really great (sarcasm intended). Windows 7 might be the best MS has ever produced, after the SP1 version is released - but until then, it is basically beta for the mass audiences.

And it sure is "funny" (again, sarcasm intended) how this thread fired right up as a full-frontal assault on Apple.

I am, as is quite obvious, an Apple fan. But I have never, EVER tried to hide any faults in Apple. Steve Jobs is a liberal - but no more so than Bill and his Microsoft bunch. But Apple hardware, despite what so many on threads like this would like to deny (I think because PC/Windows keep those builders and technicians in a job), is generally some of the best made factory hardware available. Apple hardware still benchmarks WINDOWS better than the closest comparable PC hardware from any of the big makers.

Has Apple ever made a mistake - certainly - and some that were fairly public and ugly. But overall, Apple quality is not met by other market vendors. Customer satisfaction, year after year, rates Apple at the top - and this isn't just "Apple Fan Boys" rating their experience.

Some of you guys who "roll your own" - I am happy for you. I have put together a few PC's myself. The "ability" to do that just doesn't impress me. I for one like to buy a piece of hardware, plug it in, and have it work as it is supposed to.

I learned a windows lesson the hard way just in the last week. My work laptop (I had no choice - it was purchased before I came here) - an HP Pavilion that is less than a year old - started acting odd, freezing/hanging, etc. All anti-virus current (Hmmmm... haven't yet had a need for that on any of my Apple products...), AdAware, SpamBot, etc. all functioning... found it to be a hardware issue.

Ok, call HP - laptop still under warranty. Sending me a new hard drive. Ok. Well, what about restore discs? Supposed to make those from my hard drive? Huh?

Sure enough, I dig up the packet that came with the laptop - and there is a picture of a disc with instructions how to make a restore disc... So - I tell HP on phone - and he promises to send a set of discs with my drive.

Fast forward 24 hours. I have purchased two external hard drives. One for my machine at home (to use TimeMachine as automatic backup solution) and one for the work laptop. Drive is formatted NTFS - so should be ready to go connected by USB 2. Wrong. The PC, running the most up-to-date Vista could not recognize it as a usable drive. After calling a friend - I found that this isn't unusual, and that I need to reformat (same file system) using Vista management.... ok... Finally got it working. But why? The other drive - I brought it home, unpacked, plugged in power brick, plugged in USB cable - and it was immediately recognized and available for use. Oh - that was on my PowerMac... Again, just works.

And I am sure I will get personally attacked on my comment - which has become a norm on here for Apple users - even if we state a simple fact - it is sliced and diced - even if completely accurate by those who are every bit as rabidly anti-Apple as the most ardent Apple "fan boys"...

43 posted on 03/07/2009 5:57:58 PM PST by TheBattman (Pray for our country....)
[ To 34 ]

To: HangnJudge
“What I see is a a Hate-On-Apple fest”

It all seemed pretty innocuous to me. Apple / Jobs love fests are really fun too.

Fun is everywhere.

44 posted on 03/07/2009 5:58:53 PM PST by JSteff
[ To 30 ]

To: LeGrande
“LOL If you can build a PC to my specs I will pay you $1,200 each for all the PC’s you can build : ) “

Intel or AMD? What specs? Then again, you buy the parts and I will do it for $350 an hour. :-)

45 posted on 03/07/2009 6:02:49 PM PST by JSteff
[ To 42 ]

To: TheBattman
And I don't recall if it was this event, or the one the previous year, where the person that "won" had to have physical access to the machine.

Previous year's. Last year's merely required that the contest referees navigate the browser to a prepared website and download and install a file. In addition, they do not tell people that Miller and his team of ex-NSA security experts worked for three weeks to develop their exploit of Safari and Java, in order to win last year's contest. It was not "compromised in under two minutes" as implied by the hype... that was just the time to implement the exploit after working for three weeks to develop it.

As part of his interview for this article Charlie Miller claims, and is quoted as saying, that OS X does not use ASLR (address space location randomization). That is actually false. OS X Leopard does indeed use ASLR. In addition, it uses Systrace Sandboxing to limit what an application can do. However, Safari is not, at this time, sandboxed and should be.

46 posted on 03/07/2009 6:05:17 PM PST by Swordmaker (Remember, the proper pronunciation of IE is "AAAAIIIIIEEEEEEE!)
[ To 35 ]

To: TheBattman

I spent five hours recently, getting a new Dell with Vista set up for a coworker. Could not ping out, no internet connection. Call Roadrunner, back and forth, back and forth, it’s a hardware problem, call Dell. Call Dell, go through at least four different tech support reps, none of whom had a firm grasp of English. Finally get a native English speaker, their best tech, and am told that the router is incompatible with Vista. Need a new router.

Five hours!


47 posted on 03/07/2009 6:05:57 PM PST by RegulatorCountry
[ To 43 ]

To: JSteff
Fun is everywhere.
Fun is in the eye of the beholder
48 posted on 03/07/2009 6:07:46 PM PST by HangnJudge
[ To 44 ]

To: HangnJudge
Fun is in the eye of the beholder

And this is a blast.

49 posted on 03/07/2009 6:08:26 PM PST by TomServo
[ To 48 ]

To: Col Freeper

“I’ve built my last four PCs. Seems like my average cost comes in around $700”

Oh yeah, where do you get the parts?


50 posted on 03/07/2009 6:10:37 PM PST by JSteff
[ To 38 ]

To: Col Freeper
Well, I'm not an Apple owner, but I certainly hope this guy fails. I want all hackers to fail (envisioning very long chain gang and rock breaking sentences for hackers).

Charlie Miller is not your average hacker. He is an ex-NSA computer security expert who has several other ex-NSA coworkers helping him. Just because HE will find a vulnerability does not mean that OS X, or Safari is weak, it means that an expert can find a way in retail but the wholesale exploitation of OS X is still extremely difficult.

It would not bother me much if he finds a vulnerability that he can exploit. That means that one more possible exploit vulnerability will soon be closed. That is the way that open source software advancement works.

51 posted on 03/07/2009 6:11:32 PM PST by Swordmaker (Remember, the proper pronunciation of IE is "AAAAIIIIIEEEEEEE!)
[ To 41 ]

To: LeGrande

I just built a Quad-core Q6600, Gigabyte MB, Nvidia GTX260 with 4 gig of performance memory for about 500 bucks through newegg. I have everything screaming over-clocked.
Gets Benchmark scores rivaling the top line pc’s.
Used my old case, HD’s and PSU.
If I had to buy that stuff also maybe 200 bucks more.


52 posted on 03/07/2009 6:14:23 PM PST by mowowie
[ To 42 ]

To: Col Freeper
“Expect the next one to be cheaper though, because of the constantly dropping prices for the hardware.”

I just bought a back up (extra reserve) PC. Got a refurb IBM ThinkCentre 2.8 HT, Win XP Pro, CD on Ebay for $90. Added some extra memory I had sitting around. Nice system for the money.

The price was too good. I could not get close building one. I am going to throw in one of my old drives and put the Beta of win7 on it.

53 posted on 03/07/2009 6:18:20 PM PST by JSteff
[ To 38 ]

To: Swordmaker

Strange thread, with the cultist, overpriced things being tossed about. Is there a cult where people call Macs and their users cultists and foolish with their money?

For Joe user like me, I bought an iMac and a MacBook, the iMac was a refurb and the MacBook I bought new from a guy on Craigslist for about 33% off retail brand new. Maxed out the memory for cheap on both.

For 2 plus years I have had ZERO issues, zero time spent fiddling, no anti-virus, no spam filters, etc. etc. etc. ad infinitum. I’ve never once gotten mad at my computers, had to call people to explain this and that to me, fix things, etc.

My computers have never gotten slower, they work the same as they did out of the box, like the blissful 2-3 weeks I used to get with expensive PC’s.

I guess if you really know a lot about PC’s you can save a few bucks maybe, build a really fast computer and IF you enjoy tinkering and bullet-proofing and keeping up with all the latest tricks of the PC trade a PC is for you.

For a computer dummy like me who just wants to do his work and have fun on the computer and has no interest in the inner workings that so many PC guys totally take for granted I feel like I STOLE these computers. They’re both Intel Core 2 Duo’s 2.16 and I bet they’ll be around for years to come, even when I get a new one just for the hell of it down the line.

My computers work as good or better as they did out of the box over 2 years later and I haven’t had to do or learn a damn thing, that’s worth something to me, quite a bit actually.


54 posted on 03/07/2009 6:21:15 PM PST by word_warrior_bob (You can now see my amazing doggie and new puppy on my homepage!! Come say hello to Jake & Sonny)
[ To 33 ]

To: word_warrior_bob

Well put.

I have an old iBook G4. A good computer with no problems.
I recently upgraded to a MacBook for work at home reasons. I bought Win XP and partitioned the drive. Installed WinXP so I can do my work stuff. This computer rocks!

I still have the iBook G4 in the other room. It still rocks.

I also have an older Windows laptop that kept crashing. So I, as computer illiterate as I am, am installing Linux on it so it can be useful again.

Mac stuff works.


55 posted on 03/07/2009 6:30:00 PM PST by Jet Jaguar (Atlas Shrugged Mode: ON)
[ To 54 ]

To: Col Freeper
I've built my last four PCs. Seems like my average cost comes in around $700.

Now, build that computer into the back of a 20" LCD screen, complete with Firewire 800, BlueTooth, WIFI, and Gigabit Ethernet...and make it completely silent in operation. What does it cost to make now? ;^)>

56 posted on 03/07/2009 6:30:35 PM PST by Swordmaker (Remember, the proper pronunciation of IE is "AAAAIIIIIEEEEEEE!)
[ To 38 ]

To: Swordmaker

What happens when the warranty ends and the screen craps out?


57 posted on 03/07/2009 6:50:15 PM PST by mowowie
[ To 56 ]

To: Sudetenland
Apples are a cult. They are no better than your average PC and cost three times as much.

And how long have you actually used a modern Mac OS X to be sufficiently experienced to be qualified to hold that opinion?

58 posted on 03/07/2009 6:55:59 PM PST by Swordmaker (Remember, the proper pronunciation of IE is "AAAAIIIIIEEEEEEE!)
[ To 28 ]

To: JSteff
Intel or AMD? What specs? Then again, you buy the parts and I will do it for $350 an hour. :-)

Intel of course. Top of the line Mac Pro specs with 2 terabyte drives and let's say 16 gigs of ram. It should be a piece of cake for you : )

I will let you make all the profit you can from the $1,200 : )

59 posted on 03/07/2009 7:00:03 PM PST by LeGrande (I once heard a smart man say that you can't reason someone out of something that they didn't reaso)
[ To 45 ]

To: Halfmanhalfamazing

Why I use FIREFOX with my Macs. Safari has a lot of bugs.


60 posted on 03/07/2009 7:04:20 PM PST by yazoo
[ To 1 ]

