#219419 - 1st Apr 2008 7:55pm Apple Safari 3.1
Mark Online   Reading


Wiki Master

Registered: 9th Nov 2003
Posts: 20963
Loc: Wirral
Safari browser allows Mac to be easily taken over at hacker convention, Vista, Ubuntu machines survive the day

It has not been a good couple weeks for Apple and Safari. First Opera knocked it from its position as sole 100 percent compatible Acid3 browser. Then it tried to force iTunes users to unintentionally download the browser as part of an iTunes update, which included a pre-checked install option for Safari. The move was met with broad criticism, including from Mozilla's CEO, who commented that Apple was bordering "on malware distribution practices." Finally, Safari users who updated to v3.1 reported many bugs and crashes.

Now the browser, which Apple CEO Steve Jobs once called the "most innovative browser in the world and the most powerful browser in the world", has had more bad news. At the CanSecWest Show, an annual security conference, it was found that the Safari browser was surprisingly insecure, allowing successful attacks on Mac computers.

CanSecWest sponsors an annual hacking contest, which seeks to recognize vulnerabilities and give a comparative analysis of OS security. A Mac, Vista machine, and Ubuntu box survived the first round, which only allowed pre-authentication attacks; a successful attack would have yielded a $20,000 prize. However, on the second day, the floodgates were opened and hackers were allowed to use default-installed client applications.

The Mac fell within minutes, hijacked by security researcher Charlie Miller. Miller compromised the computer through security flaws in the new Safari 3.1 browser, which he declined to make public. For his takeover via the new vulnerability, Miller netted a sweet prize of $10,000. Surprisingly, the hackers were unable to gain control of the Vista or Ubuntu machines that day.

On the third day, hackers were allowed to exploit popular third-party applications. Hackers found the Vista machine surprisingly hard to crack in what they thought would be an "easy pickings" day. The improved security is likely owing largely to SP1, perhaps because of NX support for heap memory. In the end it was taken down by a cross-platform Flash Player attack. The Ubuntu machine survived the day.

Some point out that the Mac and others may be even more vulnerable than the show indicates, as some have noted that a pre-authentication vulnerability might command a price of $50,000 or more elsewhere, making an exploit at the show unprofitable. According to eWeek's security analysts, "Safari is prone to a remote code-execution vulnerability because it fails to adequately handle regular expressions with large, nested repetition counts. Inaccurate compilation lengths are calculated, and an overflow results."

Miller didn't even have to use new vulnerabilities also known for Safari. The first is a simple overflow attack using zip files. The second attack allows injection of content in a window belonging to a trusted site.

A recent independent analysis confirmed that Apple patches its vulnerabilities slower than Microsoft. The analysis followed a controversial Microsoft report by Jeff Jones, known for trashing Firefox for its bugs. The report indicated that 36 vulnerabilities in Vista were fixed over a total of nine patching events, and 30 unpatched vulnerabilities remained, while a total of 116 vulnerabilities were fixed in OS X over 17 patching events, with 41 unpatched vulnerabilities.

Apple's patches last year indicated Apple's slower than acceptable patching pace. It included patches for four vulnerabilities known since 2006 and two known since 2005. The oldest of these, a vulnerability in Apache, had a fix released by Apache in 2005.

Security experts point out that despite Apple's poor security, its machines remain less attacked than Windows machines. Many believe this is simply a matter of market share. With Mac sales on the rise, there may soon be a large increase in Apple-targeted malware and takeovers, with the Safari browser taking the brunt of the attacks.


Sourced from Daily Tech
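The eWeek description quoted in the post above (nested repetition counts, a wrongly calculated compilation length, then an overflow) can be illustrated with a size pass that multiplies repeat counts in fixed-width arithmetic. This is an added example, not code from the post, Safari or any real regex engine; the toy grammar and the names `seq_len`, `unchecked_len` and `checked_len` are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Toy grammar (constructed for this example): literals, ( groups ), and a
 * {n} repeat after an atom. The "compiled length" is the byte count once
 * every repeat is expanded by copying its operand n times. */
static uint32_t seq_len(const char **p, int checked, int *ovf) {
    uint32_t total = 0;
    while (**p && **p != ')') {
        uint32_t atom = 1;                    /* a literal costs one byte */
        if (*(*p)++ == '(') {                 /* group: measure its body */
            atom = seq_len(p, checked, ovf);
            if (**p == ')') ++*p;
        }
        while (**p == '{') {                  /* repeats nest and stack */
            char *end;
            unsigned long n = strtoul(*p + 1, &end, 10);
            *p = (*end == '}') ? end + 1 : end;
            if (checked && atom && n > UINT32_MAX / atom) *ovf = 1;
            atom = (uint32_t)(atom * n);      /* wraps mod 2^32 */
        }
        if (checked && atom > UINT32_MAX - total) *ovf = 1;
        total += atom;
    }
    return total;
}

/* Size pass with plain 32-bit arithmetic: silently wraps. */
uint32_t unchecked_len(const char *pat) {
    int ovf = 0;
    return seq_len(&pat, 0, &ovf);
}

/* Size pass with overflow checks: 0 and *out on success, -1 to reject. */
int checked_len(const char *pat, uint32_t *out) {
    int ovf = 0;
    uint32_t len = seq_len(&pat, 1, &ovf);
    if (ovf) return -1;
    *out = len;
    return 0;
}

int main(void) {
    const char *pat = "(a{65536}){65537}";    /* constructed sample */
    uint32_t len = 0;
    printf("unchecked: %u bytes\n", (unsigned)unchecked_len(pat));
    printf("checked:   %s\n", checked_len(pat, &len) ? "rejected" : "ok");
    return 0;
}
```

For the constructed pattern the unchecked pass reports 65536 bytes although the expansion needs more than 4 billion, so a buffer sized from it would be far too small; the checked pass rejects the pattern instead.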
#219474 - 2nd Apr 2008 5:06am Re: Apple Safari 3.1 [Re: Mark]
MattLFC Offline
Wiki Master

Registered: 14th Aug 2004
Posts: 22315
Loc: Moreton/Beirut/Mobile
This reminded me to check a new site I just built in Safari... I like Safari, I hope they sorted the memory usage in the latest release as that was the only issue I had with 3.0.

Security issues or not, it probably doesn't have as many as IE and FireFox, and it's certainly a nicer browser to use, as is Opera, but that's just a pain the way it renders sites so strictly to W3C standards sometimes. Safari doesn't seem to suffer from these problems.

Apple tbh are doing quite well to get to grips with Safari on Windows imho. I think out of preference, I would use Safari or Opera before IE or Firefox, but unfortunately Safari had memory problems in 3.0 for Windows and Opera is just too W3C compliant, so until they get it right, I'm stuck with IE7, which I must admit I like overall, but it's not as good in a lot of respects.

I use Opera on my gf's laptop though (so she can have IE7 all to herself) and it works a treat... tried Safari 3.0 on there originally and it was a bit lacking the memory to deal with its leakage; maybe this new release has sorted that hehe.

Anyway, I'm pleased to note my new website has passed the IE6, IE7, FireFox 2 & 3, Opera 9 and now Safari 3.1 tests; any other browser people actually use??

Cheers!

smile
