Free Republic
Browse · Search
General/Chat
Topics · Post Article

To: Halfmanhalfamazing
the vulnerability researcher who last year walked off with a $10,000 cash prize for breaking into an Apple laptop just a few minutes into the contest.

Nice reporting... leaving out the fact that it was the 2nd day, after several layers of security (that is, by default, usually on) were taken down.

And I don't recall if it was this event, or the one the previous year, where the person that "won" had to have physical access to the machine.

35 posted on 03/07/2009 5:38:13 PM PST by TheBattman (Pray for our country....)


To: TheBattman
Nice reporting... leaving out the fact that it was the 2nd day, after several layers of security (that is, by default, usually on) were taken down.

And I don't recall if it was this event, or the one the previous year, where the person that "won" had to have physical access to the machine.

Well, I'm not an Apple owner, but I certainly hope this guy fails. I want all hackers to fail (envisioning very long chain gang and rock breaking sentences for hackers).

41 posted on 03/07/2009 5:53:20 PM PST by Col Freeper (FR is a smorgasbord of Conservative thoughts and ideas - dig in and enjoy it to its fullest!)

To: TheBattman
And I don't recall if it was this event, or the one the previous year, where the person that "won" had to have physical access to the machine.

Previous year's. Last year's merely required that the contest referees navigate the browser to a prepared website and download and install a file. In addition, they do not tell people that Miller and his team of ex-NSA security experts worked for three weeks to develop their exploit of Safari and Java in order to win last year's contest. It was not "compromised in under two minutes" as implied by the hype... that was just the time to implement the exploit after working for three weeks to develop it.

As part of his interview for this article Charlie Miller claims, and is quoted as saying, that OS X does not use ASLR (address space location randomization). That is actually false. OS X Leopard does indeed use ASLR. In addition, it uses Systrace Sandboxing to limit what an application can do. However, Safari is not, at this time, sandboxed and should be.

46 posted on 03/07/2009 6:05:17 PM PST by Swordmaker (Remember, the proper pronunciation of IE is "AAAAIIIIIEEEEEEE!)

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson