#219419 - 1st Apr 2008 7:55pm Apple Safari 3.1
Mark Online   Reading


Wiki Master

Registered: 9th Nov 2003
Posts: 21011
Loc: Wirral
Safari browser allows Mac to be easily taken over at hacker convention, Vista, Ubuntu machines survive the day

It has not been a good couple weeks for Apple and Safari. First Opera knocked it from its position as sole 100 percent compatible Acid3 browser. Then it tried to force iTunes users to unintentionally download the browser as part of an iTunes update, which included a pre-checked install option for Safari. The move was met with broad criticism, including from Mozilla's CEO, who commented that Apple was bordering "on malware distribution practices." Finally, Safari users who updated to v3.1 reported many bugs and crashes.

Now the browser, which Apple CEO Steve Jobs once called the "most innovative browser in the world and the most powerful browser in the world", has had more bad news. At the CanSecWest Show, an annual security conference, it was found that the Safari browser was surprisingly insecure, allowing successful attacks on Mac computers.

CanSecWest sponsors an annual hacking contest, which seeks to recognize vulnerabilities and give a comparative analysis of OS security. A Mac, Vista machine, and Ubuntu box survived the first round, which only allowed pre-authentication attacks – a successful attack would have yielded a $20,000 prize. However, on the second day, the flood gates were opened and hackers were allowed to use default-installed client applications.

The Mac fell within minutes, hijacked by security researcher Charlie Miller. Miller compromised the computer through security flaws in the new Safari 3.1 browser, which he declined to make public. For his takeover via the new vulnerability, Miller netted a sweet prize of $10,000. Surprisingly, the hackers were unable to gain control of the Vista or Ubuntu machines that day.

On the third day, hackers were allowed to exploit popular third-party applications. Hackers found the Vista machine surprisingly hard to crack in what they thought would be an "easy pickings" day. The improved security is likely owing largely to SP1, perhaps because of NX support for heap memory. In the end it was taken down by a cross-platform Flash Player attack. The Ubuntu machine survived the day.

Some point out that the Mac and others may be even more vulnerable than the show indicates, as some have noted that a pre-authentication vulnerability might command a price of $50,000 or more elsewhere, making an exploit at the show unprofitable. According to eWeek's security analysts, "Safari is prone to a remote code-execution vulnerability because it fails to adequately handle regular expressions with large, nested repetition counts. Inaccurate compilation lengths are calculated, and an overflow results."

Miller didn't even have to use new vulnerabilities also known for Safari. The first is a simple overflow attack using zip files. The second attack allows injection of content in a window belonging to a trusted site.

A recent independent analysis confirmed that Apple patches its vulnerabilities slower than Microsoft. The analysis followed a controversial Microsoft report by Jeff Jones, known for trashing Firefox for its bugs. The report indicated that 36 vulnerabilities in Vista were fixed over a total of nine patching events, and 30 unpatched vulnerabilities remained, while a total of 116 vulnerabilities were fixed in OS X over 17 patching events, with 41 unpatched vulnerabilities.

Apple's patches last year indicated Apple's slower than acceptable patching pace. It included patches for four vulnerabilities known since 2006 and two known since 2005. The oldest of these, a vulnerability in Apache, had a fix released by Apache in 2005.

Security experts point out that despite Apple's poor security, its machines remain less attacked than Windows machines. Many believe this is simply a matter of market share. With Mac sales on the rise, there may soon be a large increase in Apple-targeted malware and takeovers with the Safari browser taking the brunt of the attacks.


Sourced from Daily Tech
#219474 - 2nd Apr 2008 5:06am Re: Apple Safari 3.1 [Re: Mark]
MattLFC Offline
Wiki Master

Registered: 14th Aug 2004
Posts: 22315
Loc: Moreton/Beirut/Mobile
This reminded me to check a new site I just built in Safari... I like Safari, I hope they sorted the memory usage in the latest release as that was the only issue I had with 3.0.

Security issues or not, it probably doesn't have as many as IE and FireFox, and it's certainly a nicer browser to use, as is Opera, but that's just a pain the way it renders sites so strictly to W3C standards sometimes. Safari doesn't seem to suffer from these problems.

Apple tbh are doing quite well to get to grips with Safari on Windows imho. I think out of preference, I would use Safari or Opera before IE or Firefox, but unfortunately Safari had memory problems in 3.0 for Windows and Opera is just too W3C compliant, so until they get it right, I'm stuck with IE7, which I must admit I like overall, but it's not as good in a lot of respects.

I use Opera on my gf's laptop though (so she can have IE7 all to herself) and it works a treat... tried Safari 3.0 on there originally and it was a bit lacking the memory to deal with its leakage; maybe this new release has sorted that hehe.

Anyway, I'm pleased to note my new website has passed the IE6, IE7, FireFox 2 & 3, Opera 9 and now Safari 3.1 tests; any other browser people actually use??

Cheers!

smile
