#219419 - 1st Apr 2008 7:55pm Apple Safari 3.1
Mark

Safari browser allows Mac to be easily taken over at hacker convention, Vista, Ubuntu machines survive the day

It has not been a good couple weeks for Apple and Safari. First Opera knocked it from its position as sole 100 percent compatible Acid3 browser. Then it tried to force iTunes users to unintentionally download the browser as part of an iTunes update, which included a pre-checked install option for Safari. The move was met with broad criticism, including from Mozilla's CEO, who commented that Apple was bordering "on malware distribution practices." Finally, Safari users who updated to v3.1 reported many bugs and crashes.

Now the browser, which Apple CEO Steve Jobs once called the "most innovative browser in the world and the most powerful browser in the world", has had more bad news. At the CanSecWest Show, an annual security conference, it was found that the Safari browser was surprisingly insecure, allowing successful attacks on Mac computers.

CanSecWest sponsors an annual hacking contest, which seeks to recognize vulnerabilities and give a comparative analysis of OS security. A Mac, Vista machine, and Ubuntu box survived the first round, which only allowed pre-authentication attacks; a successful attack would have yielded a $20,000 prize. However, on the second day, the flood gates were opened and hackers were allowed to use default-installed client applications.

The Mac fell within minutes, hijacked by security researcher Charlie Miller. Miller compromised the computer through security flaws in the new Safari 3.1 browser, which he declined to make public. For his takeover via the new vulnerability, Miller netted a sweet prize of $10,000. Surprisingly, the hackers were unable to gain control of the Vista or Ubuntu machines that day.

On the third day, hackers were allowed to exploit popular third-party applications. Hackers found the Vista machine surprisingly hard to crack in what they thought would be an "easy pickings" day. The improved security is likely owing largely to SP1, perhaps because of NX support for heap memory. In the end it was taken down by a cross-platform Flash Player attack. The Ubuntu machine survived the day.

Some point out that the Mac and others may be even more vulnerable than the show indicates, as some have noted that a pre-authentication vulnerability might command a price of $50,000 or more elsewhere, making an exploit at the show unprofitable. According to eWeek's security analysts, "Safari is prone to a remote code-execution vulnerability because it fails to adequately handle regular expressions with large, nested repetition counts. Inaccurate compilation lengths are calculated, and an overflow results."

Miller didn't even have to use new vulnerabilities also known for Safari. The first is a simple overflow attack using zip files. The second attack allows injection of content in a window belonging to a trusted site.

A recent independent analysis confirmed that Apple patches its vulnerabilities slower than Microsoft. The analysis followed a controversial Microsoft report by Jeff Jones, known for trashing Firefox for its bugs. The report indicated that 36 vulnerabilities in Vista were fixed over a total of nine patching events, and 30 unpatched vulnerabilities remained, while a total of 116 vulnerabilities were fixed in OS X over 17 patching events, with 41 unpatched vulnerabilities.

Apple's patches last year indicated Apple's slower than acceptable patching pace. It included patches for four vulnerabilities known since 2006 and two known since 2005. The oldest of these, a vulnerability in Apache, had a fix released by Apache in 2005.

Security experts point out that despite Apple's poor security, its machines remain less attacked than Windows machines. Many believe this is simply a matter of market share. With Mac sales on the rise, there may soon be a large increase in Apple-targeted malware and takeovers, with the Safari browser taking the brunt of the attacks.


Sourced from Daily Tech

#219474 - 2nd Apr 2008 5:06am Re: Apple Safari 3.1 [Re: Mark]
MattLFC

This reminded me to check a new site I just built in Safari... I like Safari, I hope they sorted the memory usage in the latest release as that was the only issue I had with 3.0.

Security issues or not, it probably doesn't have as many as IE and FireFox, and it's certainly a nicer browser to use, as is Opera, but that's just a pain the way it renders sites so strictly to W3C standards sometimes. Safari doesn't seem to suffer from these problems.

Apple tbh are doing quite well to get to grips with Safari on Windows imho. I think out of preference, I would use Safari or Opera before IE or Firefox, but unfortunately Safari had memory problems in 3.0 for Windows and Opera is just too W3C compliant, so until they get it right, I'm stuck with IE7, which I must admit I like overall, but it's not as good in a lot of respects.

I use Opera on my gf's laptop though (so she can have IE7 all to herself) and it works a treat... tried Safari 3.0 on there originally and it was a bit lacking the memory to deal with its leakage; maybe this new release has sorted that hehe.

Anyway, I'm pleased to note my new website has passed the IE6, IE7, FireFox 2 & 3, Opera 9 and now Safari 3.1 tests; any other browser people actually use??

Cheers!
