#219419 - 1st Apr 2008 7:55pm Apple Safari 3.1
Mark Online   Reading


Wiki Master

Registered: 9th Nov 2003
Posts: 21001
Loc: Wirral
Safari browser allows Mac to be easily taken over at hacker convention, Vista, Ubuntu machines survive the day

It has not been a good couple weeks for Apple and Safari. First Opera knocked it from its position as sole 100 percent compatible Acid3 browser. Then it tried to force iTunes users to unintentionally download the browser as part of an iTunes update, which included a pre-checked install option for Safari. The move was met with broad criticism, including from Mozilla's CEO, who commented that Apple was bordering "on malware distribution practices." Finally, Safari users who updated to v3.1 reported many bugs and crashes.

Now the browser, which Apple CEO Steve Jobs once called the "most innovative browser in the world and the most powerful browser in the world", has had more bad news. At the CanSecWest Show, an annual security conference, it was found that the Safari browser was surprisingly insecure, allowing successful attacks on Mac computers.

CanSecWest sponsors an annual hacking contest, which seeks to recognize vulnerabilities and give a comparative analysis of OS security. A Mac, Vista machine, and Ubuntu box survived the first round, which only allowed pre-authentication attacks; a successful attack would have yielded a $20,000 prize. However, on the second day, the floodgates were opened and hackers were allowed to use default-installed client applications.

The Mac fell within minutes, hijacked by security researcher Charlie Miller. Miller compromised the computer through security flaws in the new Safari 3.1 browser, which he declined to make public. For his takeover via the new vulnerability, Miller netted a sweet prize of $10,000. Surprisingly, the hackers were unable to gain control of the Vista or Ubuntu machines that day.

On the third day, hackers were allowed to exploit popular third-party applications. Hackers found the Vista machine surprisingly hard to crack in what they thought would be an "easy pickings" day. The improved security is likely owing largely to SP1, perhaps because of NX support for heap memory. In the end it was taken down by a cross-platform Flash Player attack. The Ubuntu machine survived the day.

Some point out that the Mac and others may be even more vulnerable than the show indicates, as some have noted that a pre-authentication vulnerability might command a price of $50,000 or more elsewhere, making an exploit at the show unprofitable. According to eWeek's security analysts, "Safari is prone to a remote code-execution vulnerability because it fails to adequately handle regular expressions with large, nested repetition counts. Inaccurate compilation lengths are calculated, and an overflow results."

Miller didn't even have to use new vulnerabilities also known for Safari. The first is a simple overflow attack using zip files. The second attack allows injection of content in a window belonging to a trusted site.

A recent independent analysis confirmed that Apple patches its vulnerabilities slower than Microsoft. The analysis followed a controversial Microsoft report by Jeff Jones, known for trashing Firefox for its bugs. The report indicated that 36 vulnerabilities in Vista were fixed over a total of nine patching events, and 30 unpatched vulnerabilities remained, while a total of 116 vulnerabilities were fixed in OS X over 17 patching events, with 41 unpatched vulnerabilities.

Apple's patches last year indicated Apple's slower than acceptable patching pace. It included patches for four vulnerabilities known since 2006 and two known since 2005. The oldest of these, a vulnerability in Apache, had a fix released by Apache in 2005.

Security experts point out that despite Apple's poor security, its machines remain less attacked than Windows machines. Many believe this is simply a matter of market share. With Mac sales on the rise, there may soon be a large increase in Apple-targeted malware and takeovers, with the Safari browser taking the brunt of the attacks.


Sourced from Daily Tech
#219474 - 2nd Apr 2008 5:06am Re: Apple Safari 3.1 [Re: Mark]
MattLFC Offline
Wiki Master

Registered: 14th Aug 2004
Posts: 22315
Loc: Moreton/Beirut/Mobile
This reminded me to check a new site I just built in Safari... I like Safari, I hope they sorted the memory usage in the latest release as that was the only issue I had with 3.0.

Security issues or not, it probably doesn't have as many as IE and FireFox, and it's certainly a nicer browser to use, as is Opera, but that's just a pain the way it renders sites so strictly to W3C standards sometimes. Safari doesn't seem to suffer from these problems.

Apple tbh are doing quite well to get to grips with Safari on Windows imho. I think out of preference, I would use Safari or Opera before IE or Firefox, but unfortunately Safari had memory problems in 3.0 for Windows and Opera is just too W3C compliant, so until they get it right, I'm stuck with IE7, which I must admit I like overall, but it's not as good in a lot of respects.

I use Opera on my gf's laptop though (so she can have IE7 all to herself) and it works a treat... tried Safari 3.0 on there originally and it was a bit lacking the memory to deal with its leakage; maybe this new release has sorted that hehe.

Anyway, I'm pleased to note my new website has passed the IE6, IE7, FireFox 2 & 3, Opera 9 and now Safari 3.1 tests; any other browser people actually use??

Cheers!
