WikiWirral values you and your opinion.
Forum Statistics
Posts1,028,068
Topics75,592
Members13,512
Forums65
Posts in last 24hrs8
Most Online14,906
Nov 23rd, 2019
Who's Online Now
42 registered members (AX_125, 10 invisible), 1,429 guests, and221 spiders.
Key: Admin, Global Mod, Mod
Social Media : Follow Us


Popular Topics(Views 7days)
New General Forums
George Carlin
by BultacoAstro. 10th Sep 2020 9:00am
Our Earth
by granny. 8th Sep 2020 10:02am
The Moon Landing ?
by BultacoAstro. 29th Aug 2020 4:58pm
Harry McGuire.
by casper. 28th Aug 2020 11:15am
New Wirral History
Stage-Coach Timetables in 1830's
by mikeeb. 19th Sep 2020 4:05pm
Birkenhead Trams 1876
by mikeeb. 17th Sep 2020 3:38pm
WHAT PUB
by derekdwc. 12th Sep 2020 12:51pm
365 Crown Vaults 34 Watson Street
by mikeeb. 1st Sep 2020 5:05pm
94 Clarendon Hotel 109 to 111 Chester Street
by mikeeb. 31st Aug 2020 5:54pm
Forum Tips
Photo Gallery Forums
Boaty McBoatface takes shape
The gathering storm: Mersey waterfront today
Topic Replies
Our Earth
by granny. 21st Sep 2020 8:46pm
Stage-Coach Timetables in 1830's
by Greenwood. 21st Sep 2020 5:08pm
Classic Rock The Bands Are Awakening
by GaryFromWirral. 21st Sep 2020 10:18am
Coronavirus
by granny. 21st Sep 2020 8:38am
Birkenhead Trams 1876
by locomotive. 20th Sep 2020 8:00pm
Wooden Single Bed, Headboard, Mattress and Drawer
by rhoobarb2002. 20th Sep 2020 1:52pm
Dorothea Quarry Aug 2020
by mikeeb. 19th Sep 2020 3:41pm
Trinity Street Birkenhead
by MIKE6570. 19th Sep 2020 12:22pm
Award for Corbyn ???
by casper. 19th Sep 2020 9:34am
September
M T W T F S S
1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30
Recent Posts : What's On ?
Previous Topic
Next Topic
Print Topic
Rate Topic
Apple Safari 3.1 #219419
1st Apr 2008 6:55pm
1st Apr 2008 6:55pm
Joined: Nov 2003
Posts: 21,231
Wirral
Mark Offline OP

Wiki Master
Mark  Offline OP

Wiki Master
Joined: Nov 2003
Posts: 21,231
Wirral
Safari browser allows Mac to be easily taken over at hacker convention, Vista, Ubuntu machines survive the day

It has not been a good couple weeks for Apple and Safari. First Opera knocked it from its position as sole 100 percent compatible Acid3 browser. Then it tried to force iTunes users to unintentionally download the browser as part of an iTunes update, which included a pre-checked install option for Safari. The move was met with broad criticism, including from Mozilla's CEO, who commented that Apple was bordering "on malware distribution practices." Finally, Safari users who updated to v3.1 reported many bugs and crashes.

Now the browser, which Apple CEO Steve Jobs once called the "most innovative browser in the world and the most powerful browser in the world", has had more bad news. At the CanSecWest Show, an annual security conference, it was found that the Safari browser was surprisingly insecure, allowing successful attacks on Mac computers.

CanSecWest sponsors an annual hacking contest, which seeks to recognize vulnerabilities and give a comparative analysis of OS security. A Mac, Vista machine, and Ubuntu box survived the first round, which only allowed pre-authentication attacks a successful attack would have yielded a $20,000 prize. However, on the second day, the flood gates were opened and hackers were allowed to use default-installed client applications.

The Mac fell within minutes, hijacked by security researcher Charlie Miller. Miller compromised the computer through security flaws in the new Safari 3.1 browser, which he declined to make public. For his takeover via the new vulnerability, Miller netted a sweet prize of $10,000. Surprisingly, the hackers were unable to gain control of the Vista or Ubuntu machines that day.

On the third day, hackers were allowed to exploit popular third-party applications. Hackers found the Vista machine surprisingly hard to crack in what they thought would be an "easy pickings" day. The improved security is likely owing largely to SP1, perhaps because of NX support for heap memory. In the end it was taken down by a cross-platform Flash Player attack. The Ubuntu machine survived the day.

Some point that the Mac and others may be even more vulnerable than the show indicates as some have noted that a pre-authentication vulnerability might command a price of $50,000 or more elsewhere, making an exploit at the show unprofitable. According to eWeek's security analysts, "Safari is prone to a remote code-execution vulnerability because it fails to adequately handle regular expressions with large, nested repetition counts. Inaccurate compilation lengths are calculated, and an overflow results."

Miller didn't even have to use new vulnerabilities also known for Safari. The first is a simple overflow attack using zip files. The second attack allows injection of content in a window belonging to a trusted site.
A recent independent analysis confirmed that Apple patches its vulnerabilities slower than Microsoft. The analysis followed a controversial Microsoft report by Jeff Jones, known for trashing Firefox for its bugs. The report indicated that 36 vulnerabilities in Vista were fixed over a total of nine patching events, and 30 unpatched vulnerabilities remained, while a total of 116 vulnerabilities were fixed in OS X over 17 patching events, with 41 unpatched vulnerabilities.

Apple's patches last year indicated Apple's slower than acceptable patching pace. It included patches for four vulnerabilities known since 2006 and two known since 2005. The oldest of these, a vulnerability in Apache, had a fix released by Apache in 2005.

Security experts point out that despite Apple's poor security, its machines remain less attacked than Windows machines. Many believe this is simply a matter of market share. With Mac sales on the rise, there may soon be a large increase in Apple-targeted malware and takeovers with the Safari browsing taking the brunt of the attacks.


Sourced from Daily Tech


My Avatar images are all from the Wirral Gallery.Click Me
Wow Wirral History is coming along Great! Wirral History

we get +200 new members a month now smile
Google Ads
Re: Apple Safari 3.1 [Re: Mark] #219474
2nd Apr 2008 4:06am
2nd Apr 2008 4:06am
Joined: Aug 2004
Posts: 22,315
Moreton/Beirut/Mobile
MattLFC Offline
Wiki Master
MattLFC  Offline
Wiki Master
Joined: Aug 2004
Posts: 22,315
Moreton/Beirut/Mobile
This reminded me to check a new site I just built in Safari... I like Safari, I hope they sorted the memory usage in the latest release as that was the only issue I had with 3.0.

Security issue's or not, it probably doesnt have as many as IE and FireFox, and it's certainly a nicer browser to use, as is Opera, but that's just a pain the way it render's site's so strictly to W3C standards sometimes. Safari does'nt seem to suffer from these problems.

Apple tbh are doing quite well to get to grips with Safari on Windows imho. I think out of preference, I would use Safari or Opera before IE or Firefox, but unfortunatly Safari had memory problems in 3.0 for Windows and Opera is just too W3C compliant, so until they get it right, im stuck with IE7, which I must admit I like overall, but its not as good in a lot of respects.

I use Opera on my gf's laptop though (so she can have IE7 all to herself) and it work's a treat... tried Safari 3.0 on there originally and it was a bit lacking the memory to deal with it's leakage; maybe this new release has sorted that hehe.

Anyway, im pleased to not my new website has passed the IE6, IE7, FireFox 2 & 3, Opera 9 and now Safari 3.1 test's; any other browser people actually use??

Cheers!

smile


Moderated by  Mark 

Random Wirral Images

Click to View Topic.
Newest Topics
Stage-Coach Timetables in 1830's
by mikeeb. 19th Sep 2020 4:05pm
Dorothea Quarry Aug 2020
by KevinFinity. 18th Sep 2020 9:45pm
cat found,Wallasey
by doggod. 17th Sep 2020 8:55pm
Birkenhead Trams 1876
by mikeeb. 17th Sep 2020 3:38pm
Spring fitting required
by gerrymoore. 17th Sep 2020 9:20am
For Sale & Free
Wanted Bultaco Astro Or Pursang 360 Model 104
by BultacoAstro. 13th Sep 2020 10:39pm
Wooden Single Bed, Headboard, Mattress and Drawer
by rhoobarb2002. 12th Sep 2020 5:07pm
Vauxhall Alloy Wheels - Astra, Corsa, Zafira etc.
by j_demo. 12th Sep 2020 2:44pm
2x2 seater leather sofas recliner
by paul110180. 7th Sep 2020 8:18am
2x2 seater leather sofas recliner
by paul110180. 7th Sep 2020 7:32am
Member Spotlight
zigzagwanderer
zigzagwanderer
Wallasey
Posts: 302
Joined: January 2011
Show All Member Profiles 
Newest Members
RyanEvans, mange1827, Stephen_59, AuntieP, Marks1960
13512 Registered Users
Today's Birthdays
No Birthdays
New Wirral Info
Van carpet fitter
by Gibbo. 17th Sep 2020 9:16am
Tower road. Birkenhead and now Dock road
by keef666. 6th Sep 2020 1:53pm
Enjoy the street theatre!
by Excoriator. 5th Sep 2020 3:50pm
Laminate flooring
by casper. 4th Sep 2020 6:33pm
Self-Employment Income Support Scheme
by mikeeb. 23rd Aug 2020 3:05pm
News : New Topics
Award for Corbyn ???
by granny. 27th Aug 2020 10:41pm
Casper Specials
by granny. 23rd Aug 2020 5:39pm
Worlds oldest man dies aged 116
by mikeeb. 23rd Aug 2020 2:36pm
When Damascus Falls !
by granny. 13th Feb 2020 11:12pm
Coronavirus
by cools. 30th Jan 2020 5:38pm
New Enthusiast Forums
Dorothea Quarry Aug 2020
by KevinFinity. 18th Sep 2020 9:45pm
cat found,Wallasey
by doggod. 17th Sep 2020 8:55pm
Spring fitting required
by gerrymoore. 17th Sep 2020 9:20am
Customer Is Always Right
by BultacoAstro. 3rd Sep 2020 12:19pm
VW Golf TDi Cambelt
by TudorBlue. 1st Sep 2020 10:04am
Popular Topics(Views 24hrs)
Wirral Sunrise Sunset
Sunrise Mon 6:58am
Sunset Mon 7:11pm
Local Time Mon 8:46pm
Powered by UBB.threads™ PHP Forum Software 7.6.1.1