Welcome to WikiWirral, sharing is what we do best.
#219419 - 1st Apr 2008 7:55pm Apple Safari 3.1
Mark Online   Reading


Wiki Master

Registered: 9th Nov 2003
Posts: 21061
Loc: Wirral
Safari browser allows Mac to be easily taken over at hacker convention, Vista, Ubuntu machines survive the day

It has not been a good couple weeks for Apple and Safari. First Opera knocked it from its position as sole 100 percent compatible Acid3 browser. Then it tried to force iTunes users to unintentionally download the browser as part of an iTunes update, which included a pre-checked install option for Safari. The move was met with broad criticism, including from Mozilla's CEO, who commented that Apple was bordering "on malware distribution practices." Finally, Safari users who updated to v3.1 reported many bugs and crashes.

Now the browser, which Apple CEO Steve Jobs once called the "most innovative browser in the world and the most powerful browser in the world", has had more bad news. At the CanSecWest Show, an annual security conference, it was found that the Safari browser was surprisingly insecure, allowing successful attacks on Mac computers.

CanSecWest sponsors an annual hacking contest, which seeks to recognize vulnerabilities and give a comparative analysis of OS security. A Mac, Vista machine, and Ubuntu box survived the first round, which only allowed pre-authentication attacks; a successful attack would have yielded a $20,000 prize. However, on the second day, the flood gates were opened and hackers were allowed to use default-installed client applications.

The Mac fell within minutes, hijacked by security researcher Charlie Miller. Miller compromised the computer through security flaws in the new Safari 3.1 browser, which he declined to make public. For his takeover via the new vulnerability, Miller netted a sweet prize of $10,000. Surprisingly, the hackers were unable to gain control of the Vista or Ubuntu machines that day.

On the third day, hackers were allowed to exploit popular third-party applications. Hackers found the Vista machine surprisingly hard to crack in what they thought would be an "easy pickings" day. The improved security is likely owing largely to SP1, perhaps because of NX support for heap memory. In the end it was taken down by a cross-platform Flash Player attack. The Ubuntu machine survived the day.

Some point out that the Mac and others may be even more vulnerable than the show indicates, as some have noted that a pre-authentication vulnerability might command a price of $50,000 or more elsewhere, making an exploit at the show unprofitable. According to eWeek's security analysts, "Safari is prone to a remote code-execution vulnerability because it fails to adequately handle regular expressions with large, nested repetition counts. Inaccurate compilation lengths are calculated, and an overflow results."

Miller didn't even have to use new vulnerabilities also known for Safari. The first is a simple overflow attack using zip files. The second attack allows injection of content in a window belonging to a trusted site.

A recent independent analysis confirmed that Apple patches its vulnerabilities slower than Microsoft. The analysis followed a controversial Microsoft report by Jeff Jones, known for trashing Firefox for its bugs. The report indicated that 36 vulnerabilities in Vista were fixed over a total of nine patching events, and 30 unpatched vulnerabilities remained, while a total of 116 vulnerabilities were fixed in OS X over 17 patching events, with 41 unpatched vulnerabilities.

Apple's patches last year indicated Apple's slower than acceptable patching pace. It included patches for four vulnerabilities known since 2006 and two known since 2005. The oldest of these, a vulnerability in Apache, had a fix released by Apache in 2005.

Security experts point out that despite Apple's poor security, its machines remain less attacked than Windows machines. Many believe this is simply a matter of market share. With Mac sales on the rise, there may soon be a large increase in Apple-targeted malware and takeovers, with the Safari browser taking the brunt of the attacks.


Sourced from Daily Tech
#219474 - 2nd Apr 2008 5:06am Re: Apple Safari 3.1 [Re: Mark]
MattLFC Offline
Wiki Master

Registered: 14th Aug 2004
Posts: 22315
Loc: Moreton/Beirut/Mobile
This reminded me to check a new site I just built in Safari... I like Safari, I hope they sorted the memory usage in the latest release as that was the only issue I had with 3.0.

Security issues or not, it probably doesn't have as many as IE and FireFox, and it's certainly a nicer browser to use, as is Opera, but that's just a pain the way it renders sites so strictly to W3C standards sometimes. Safari doesn't seem to suffer from these problems.

Apple tbh are doing quite well to get to grips with Safari on Windows imho. I think out of preference, I would use Safari or Opera before IE or Firefox, but unfortunately Safari had memory problems in 3.0 for Windows and Opera is just too W3C compliant, so until they get it right, I'm stuck with IE7, which I must admit I like overall, but it's not as good in a lot of respects.

I use Opera on my gf's laptop though (so she can have IE7 all to herself) and it works a treat... tried Safari 3.0 on there originally and it was a bit lacking the memory to deal with its leakage; maybe this new release has sorted that hehe.

Anyway, I'm pleased to note my new website has passed the IE6, IE7, FireFox 2 & 3, Opera 9 and now Safari 3.1 tests; any other browser people actually use??

Cheers!
