This thread is long on crappy analogies and short on facts.

1. OS X with Safari 5.0.3 was hacked in 8 seconds by an exploit that took a multi-person team 2 weeks to prepare.

2. Windows 7 with IE8 was hacked by a one-man team whose exploit took several minutes.

3. Safari has been patched before the contest was over and the exploit no longer works.

4. Microsoft is releasing IE9 on Monday (not sure if it fixes the exploits).

So, Google sponsors a hacking event, and they release a huge update to their browser, and then "freeze" the versions, so hackers have to attack old versions of competitors' browsers, but a brand new version of their browser. Pretty transparent.

These events should not be fodder for petty flame wars.

Time to apply the same rule to point #2, that you applied to point #1.


The IE guy was also prepared.

http://www.zdnet.com/blog/security/...indows-7-hijacked-with-3-vulnerabilities/8367

Fewer said it took about five to six weeks to find the vulnerabilities and write a reliable exploit. “Writing the exploit was the tricky part. It was very time consuming, especially bypassing protected mode,” he added.
 
Perhaps it took five seconds to implement, but it's not like it was the first time these hackers saw an MBA and Safari.

I'm sure there were dozens or hundreds of hours worth of research and coding in order for these guys to get to the point of being able to implement their hack.


I remain unconcerned.

God, Apple has their hooks deep into you brother. This is troubling in that the main browser of the ecosystem is so riddled with holes and flaws. No browser is perfect...but 5 seconds? Wow.
 
Sorry, I was just joking. Windows 7 is quite capable. Immediately should be significantly faster than 20 minutes is what I was trying to imply.

Sorry, it's just I went through 2 years of College with a class full of people who refused to touch any tech Non Apple, and would sneer at me and make unkind remarks about me and my Windows Laptop, usually about being poor, a point disproven by my £1,300 laptop.

So whenever someone aims a dig at Windows in my direction, even as a joke, I just sigh, broken... And fail to see the humour.
 
Protection Racket

Apple's recent "reaching out" by offering Lion to security researchers may not be enough.

The rest of the industry pays researchers when they find vulnerabilities and they privately disclose them to the company without making them public before they can be patched. Apple does not. For that reason, Charlie Miller no longer reports bugs to Apple (http://tinyurl.com/5tfee7w).

"Christ, what an *******."
 
Sorry, it's just I went through 2 years of College with a class full of people who refused to touch any tech Non Apple, and would sneer at me and make unkind remarks about me and my Windows Laptop, usually about being poor, a point disproven by my £1,300 laptop.

So whenever someone aims a dig at Windows in my direction, even as a joke, I just sigh, broken... And fail to see the humour.

Heh, they made fun of you for "not having enough money"? I think that in itself would make their taunts meaningless (like how does having the money to buy the laptop make them any more superior)?

But, I had the opposite problem in college. I went to an engineering school that pretty much everyone I knew thought Macs were stupid and for idiots who didn't know how to use computers and were the inferior computer (basically the people who prefer Android now, same kind of taunts Android users use towards iPhone except think Windows vs. Mac). And constantly made fun of cause I used and preferred a Mac. So now it always amazes me to hear people complain of Mac people being that way (I guess it's become true, but when I went to college it was the Windows geeks who wouldn't leave me alone).
 
For some reason while I read this I imagined Steve reading the same thing and tugging at the neck of his black turtleneck and sweating profusely. ;)

I think Jobs has more important issues on his mind like his health.
 
That's it. Mac isn't obscure enough anymore. Time to switch to Linux.

This has nothing to do with obscurity. Mac OS 9, which was much less widespread than OS 10, had over 15 accounted, REAL WORLD viruses. My own iMac was once infected under OS 9.

The problem is Safari, it sucks, it always has.
 
Heh, they made fun of you for "not having enough money"? I think that in itself would make their taunts meaningless (like how does having the money to buy the laptop make them any more superior)?

But, I had the opposite problem in college. I went to an engineering school that pretty much everyone I knew thought Macs were stupid and for idiots who didn't know how to use computers and were the inferior computer (basically the people who prefer Android now, same kind of taunts Android users use towards iPhone except think Windows vs. Mac). And constantly made fun of cause I used and preferred a Mac. So now it always amazes me to hear people complain of Mac people being that way (I guess it's become true, but when I went to college it was the Windows geeks who wouldn't leave me alone).

Maybe it had nothing to do with what brand computer you guys were using and they were picking on you because you're nerds?
 
^ Safari is getting the new sandbox web kit treatment soon anyway correct? It's supposed to bring Safari up to Chrome's security level. Which is one reason I like Chrome lately although I do prefer Safari.

Lion should be much more secure and hopefully Apple realizes this. As they grow the target will get bigger.
 
I don't understand why Apple doesn't pay prizes for finding security holes… they have ****in' 50 billion in the bank, spending a little of that to make their OS the most secure should be a no-brainer IMHO :rolleyes:

The security industry as a whole generally pays for reporting new hacks without going public with the information until a fix is made. Hackers have to make a living too, and this is one good way to do it.

At the rate Apple is going with nickel and diming everyone, I would not be surprised if Apple figured out a way to spin some $4.99 app so hackers could try to hack "officially".

Hackers are an interesting bunch. They will find exploits because that's just what they do. Nothing is 100% secure, and given enough time anything can be hacked. If Apple doesn't get serious about security, guess what spurned hackers will do. Rather than reporting an exploit to be fixed, they'll use it or find someone who will.

As for the contest, I'm pretty sure anyone on this forum would take a new laptop and $15k for 2 weeks of work. And if you are of the mindset of these types, it's not work.
 
This is quite troubling but as a Chrome user, I'm not too concerned. However, I do expect Apple to take a serious look at security in Lion. I'm tired of having my Linux+Windows7 fanboy friend taunting me with these articles.

(Correct me if I'm wrong but using Chrome would help avoid the vulnerability, wouldn't it?)
 
Maybe it had nothing to do with what brand computer you guys were using and they were picking on you because you're nerds?

Uh, no. My college was full of geeks (that's what happens when you go to an engineering college ;) ). And why would non nerds give a **** about what computer I was using ;)?

Oh, and how high school can you get trying to be insulting by calling someone a nerd? You realize anyone that comes on a forum to sit here and talk about computers and gadgets can pretty much be called a nerd *poke*? I mean non nerds really don't care about this stuff.
 
God, Apple has their hooks deep into you brother. This is troubling in that the main browser of the ecosystem is so riddled with holes and flaws. No browser is perfect...but 5 seconds? Wow.

Yeah, that's it. :rolleyes:

I see you've taken your show outside of PRSI.

I'll say it again: Saying that it took 5 seconds to hack Safari is like saying it took me 60 seconds to write a 20 page paper because that's how long it took to print.

I'm not doubting that Safari has vulnerabilities......I just think it's disingenuous to say it took 5 seconds to hack.
 
One hacker also demonstrated stealing an iPhone 4's contact list with malicious website code.

It's easy to say, "Oh well you should just avoid evil websites", but it's not always that easy or clear, when you're following news or research links.

After years of never having a virus on my computers, I was finally nailed hard this past Christmas when I was looking up astrolabes, of all things. One of the sites I got linked to was advertising really inexpensive replicas. Yeah, well now I know why. It was just a lure to get you to come in. In the end, I had to wipe my machine and start over from a backup drive.
 
That's a deliberately false reading of the truth. The versions were locked a week or so prior to the event. If Apple had released its bi-yearly security patch for Safari just a couple of days earlier, the exploit would have failed.

A detail that most of these 'the sky is falling' articles fail to mention. Apple has already patched the hole. Even before the event occurred.

Instead they are getting hits off the FUD.
 
It gets worse, according to Ars Technica the version of Safari was "frozen" from a week ago, so it didn't even include the patches that came out a day before the pwn2own event.

Apple released Safari 5.0.4 a day ahead of the competition, patching some 60 security holes in the browser. However, this year the rules have been altered: the configuration was frozen a week ago, hence the competition being run against Safari 5.0.3.

Google was hosting the event, so naturally things are going to be different. Also, from the article, Chrome was allowed to update...even though the person that was supposed to break it didn't show up:

The third browser to be tested was scheduled to be Chrome. However, the contestant registered to attempt the attack did not show up, so the browser remains unbeaten. One possible reason for this is that Google published a Chrome update yesterday, closing at least 24 security flaws.

Full article here...and apologies if this has been posted:
http://arstechnica.com/security/news/2011/03/pwn2own-day-one-safari-ie8-fall-chrome-unchallenged.ars
 