I'd give them the title 'destroyer'. "It's easier to destroy than to create."
Like Jedi, not all developers are good; some are "dark". LOL
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Researcher Set to Announce 20 Zero-Day Holes in Mac OS X
- Thread starter MacRumors
- Start date
- Sort by reaction score
Like Jedi, not all developers are good; some are "dark". LOL
Very true, but this is what matters most:
http://www.computerworld.com/s/arti...ri_IE8_Firefox_all_fall_on_day_one_of_Pwn2Own
Companies are taking this seriously, and this is a good thing. It also makes me feel really good about using Chrome.
Wakey wakey, eggs and bakey...
ZDNet:
[BTW —despite appearances —the "ZD" in ZDNet stands for Ziff-Davis, not Zero Day. ]
ZDNet:
- Pwn2Own 2010: iPhone hacked, SMS database hijacked
- Pwn2Own MacBook attack: Charlie Miller hacks Safari again
- Hacker exploits IE8 on Windows 7 to win Pwn2Own
- Pwn2Own hack topples Firefox on Windows
[BTW —despite appearances —the "ZD" in ZDNet stands for Ziff-Davis, not Zero Day.
]
These are pwned in minutes because these guys have spent weeks or longer writing their exploits into their own websites. Yes, the "cracked in mere minutes!" is a great headline, but it doesn't really represent the truth.
Yup. I follow Charlie Miller on Twitter, and he already had all the information long before this. Cracked in mere minutes is just because that's how long it took to execute the vulnerability.
It's like saying it takes only 30 seconds to get a home built PC up and running; that 30 seconds to start it up.
However it takes hours to build, but that doesn't sound as impressive.
So many words, so little content. I am a programmer, experienced enough to demand proof, not conjecture, before accepting a claim of a 'zero-day exploit'. I originally said "I want some proof he can learn something useful from his 'technique', he hasn't got any such proof."
Miller has seemingly claimed he can crash Preview as 20 of the 'exploits' were against Preview. Hell, I can crash Preview by using Force Quit. If Miller can show how his so-called 'exploits' can compromise the system rather than merely providing a denial of service against Preview then I will stop giggling. For now, Miller is merely a insubstantial self publicist who will not share his detailed findings with anyone, perhaps because there aren't any.
You're obviously not following this thread too well. (Clicking on links and reading external material is required. There should be no need for constant spoon-feeding here. See my last post for example). The exploits are merely demonstrated [i.e., proved.] No "how-to" or nitty-gritty details will be publicized until vendors have patched the associated holes. But you should already know that from what's previously been said and/or referenced.
We aren't even told (by the event reporters) if Stealth Mode was active on Snow Leopard's firewall, and/or whether or not that would have mattered anyway. Nor are we specifically informed of any root access (at least not with that exact word... perhaps "pwn" implies root in all contexts, idunno).
More linkage: "Pwn2Own winner tells Apple, Microsoft to find their own bugs"
2010-March-29
Apple Mac OS X - 10.6.3
Snow Leopard operating system.
Apple Security Update - 2010-002
For Leopard Mac OS X 10.5.
Both OS versions share the same security page: http://support.apple.com/kb/HT4077
HELLO... 11 instances of the string “working with TippingPoint's Zero Day Initiative” appear in that kbdoc!!!!!!!11
Apple Mac OS X - 10.6.3
Snow Leopard operating system.
Apple Security Update - 2010-002
For Leopard Mac OS X 10.5.
Both OS versions share the same security page: http://support.apple.com/kb/HT4077
HELLO... 11 instances of the string “working with TippingPoint's Zero Day Initiative” appear in that kbdoc!!!!!!!11
And now we can add 10 more (ZDI fixes) in QuickTime 7.6.6.
Hmm, let's see . . . 11+10=21 [what was the title of this thread again?]