Safari gets pwned in a five-line Python Script

Discussion in 'Apple, Inc and Tech Industry' started by Stella, Mar 25, 2010.

  1. Stella macrumors 604

    Stella

    Joined:
    Apr 21, 2003
    Location:
    Canada
  2. miles01110 macrumors Core

    miles01110

    Joined:
    Jul 24, 2006
    Location:
    The Ivory Tower (I'm not coming down)
    #2
    Heh. Anyone who can answer this question should get a $15,000 prize :p

    ...although your thread title is a little misleading. The bugs were found using the python script, but the script itself didn't actually do anything. Semantics.
     
  3. notjustjay macrumors 603

    notjustjay

    Joined:
    Sep 19, 2003
    Location:
    Canada, eh?
    #3
    Quote from the article:

    Why do I picture Chloe O'Brien saying those words? :D
     
  4. maflynn Moderator

    maflynn

    Staff Member

    Joined:
    May 3, 2009
    Location:
    Boston
    #4
    Safari has always done incredibly poorly in these type of "contests"

    While firefox and IE do succumb, safari is always the quickest and easiest to crack. Not really good when apple tries to sell its products as more secure then its competitors.
     
  5. Consultant macrumors G5

    Consultant

    Joined:
    Jun 27, 2007
    #5
    That is completely and utterly wrong.

    The contest is set up specifically to start that urban myth. 50% of first day was scheduled to Apple products (when Apple doesn't own 50% of browser market). They also allot times for apple first (aka they cannot work on internet explorer or firefox earlier in the day.)
    http://obamapacman.com/2010/03/appl...cked-cracked-in-20-seconds-the-whole-story/2/
     
  6. miles01110 macrumors Core

    miles01110

    Joined:
    Jul 24, 2006
    Location:
    The Ivory Tower (I'm not coming down)
    #6
    Oh yay, another blog post to debate over.

    There are a number of fair points in the post, however....

    Talk about selective journalism. On Pwn2Own's blog post about the 2010 competition, RIM, Android, and Chrome are all listed. The drawing of time slots was random as far as we know; there's a video of it on the site. I suppose you could speculate on how random it actually was, but speculation will happen no matter what. Interestingly they didn't even let the second iPhone slot go ahead; it'd have been an even more explosive headline if it was "iPhone hacked twice in one day!"


     
  7. maflynn Moderator

    maflynn

    Staff Member

    Joined:
    May 3, 2009
    Location:
    Boston
    #7
    No it isn't Every hacker test/contest always had apple's vaunted web browser fail first. I'm not sure how you can disagree with facts but hey I suppose if I drank the kool-aid I'd also disagree with facts.
     
  8. ArrowSmith macrumors regular

    Joined:
    Dec 15, 2009
    #8
    Bottom line - any software or device is hackable given enough time. That Apple tries to market their products as unhackable is called "deception in advertising". ;)
     
  9. acurafan macrumors 6502a

    Joined:
    Sep 16, 2008
    #9
    yet the fair-weather apple bandwagon will still debate the technicalities of who failed first. ;)

    bottom-line is - the thing broke. just admit it.
     
  10. maflynn Moderator

    maflynn

    Staff Member

    Joined:
    May 3, 2009
    Location:
    Boston
    #10
    The issue as I see it, is that apple seems to believe thier own "deception in advertising" just look at how long it took them to add anti-phising technology into safari. Apple is probably the slowest vendor at dealing with security issues. Granted Microsoft has had a lot more practice filling in the security holes, that doesn't take away the fact that they now have a good process for dealing with it.

    Apple on the hand, typically takes the head buried in sand approach, unfortunately that means they're playing russian roulette with my data
     
  11. Abstract macrumors Penryn

    Abstract

    Joined:
    Dec 27, 2002
    Location:
    Location Location Location
    #11

    Damn that sounds bad. Obviously I understand that viruses are bad, but I'd never even know if a website I have visited steals my shiz. :(
     
  12. *LTD* macrumors G4

    *LTD*

    Joined:
    Feb 5, 2009
    Location:
    Canada
    #12
    http://www.apple.com/macosx/security/

    Where is the deception? Or are you getting ready to make a sandwich with all that baloney?


    Not a helluva lot to protect against. If you want to do yourself a real disservice, play with your data on a Windows box, which by the way, was not only compromised at the competition, but also has over 100,000 bits of nastiness for it just waiting to get at your data. Double-whammy.
     
  13. belvdr macrumors 603

    Joined:
    Aug 15, 2005
    #13
    And that would be marketing. Marketing very rarely is reality.

    I recall a Java issue that took Apple months (if not a year) after Sun had already developed a fix. Having a truly closed system is a mixed bag.
     
  14. *LTD* macrumors G4

    *LTD*

    Joined:
    Feb 5, 2009
    Location:
    Canada
    #14
    Really? Apple doesn't claim OS X to be the most secure OS. Apple doesn't claim anything remotely outlandish. In fact, EVERYTHING on that page is perfectly true and acceptable. Apple even goes so far as to advise users to be extra careful and how to do it.
     
  15. yellow Moderator emeritus

    yellow

    Joined:
    Oct 21, 2003
    Location:
    Portland, OR
    #15
    I don't recall Apple ever saying that Safari was invulnerable, or even that it was more secure than anything else.

    Safari was created to fill in a large sucking void caused by the departure of IE for the Mac and before Firefox got ramped up. Safari for Windows was created simply as an ad campaign to get people to try Apple products (other than lackluster iTunes and Quicktime) AND to encourage primarily IE focused web developers to perhaps consider making their junk compliant for Safari without having to say "I'm not going to buy a Mac just for that".

    I think some folks confuse the unfortunate claims and allusions created by the advertisement and marketing people, salt it liberally with the claims of the 'kool-aiders', and then claim it as the anti-gospel of Apple itself and look for opportunities to take pot-shots.
     
  16. FX120 macrumors 65816

    FX120

    Joined:
    May 18, 2007
    #16
    They leave that all for you...
     
  17. maflynn Moderator

    maflynn

    Staff Member

    Joined:
    May 3, 2009
    Location:
    Boston
    #17
    There's the rub, because I know that windows has some security issues, I can run software to protect my system and data, but because apple markets OSX as a more secure OS, they lead the consumer into a false sense of security. I would say that my data is safer on windows because I run security software then OSX w/o security software.


    [​IMG]
    Clearly they're advertising how secure the OS is
     
  18. miles01110 macrumors Core

    miles01110

    Joined:
    Jul 24, 2006
    Location:
    The Ivory Tower (I'm not coming down)
    #18
    I wouldn't waste too much energy on this maflynn. As long as there is wiggle room the apologists and fanboys will wiggle.
     
  19. Jason Beck macrumors 68000

    Jason Beck

    Joined:
    Oct 19, 2009
    Location:
    Cedar City, Utah
    #19
    I don't know about them claiming "unhackable".
    Citation?
    I've seen and heard them claim OSX as secure, or the most secure
    consumer OS .. but don't recall them claiming it as unhackable.
     
  20. *LTD* macrumors G4

    *LTD*

    Joined:
    Feb 5, 2009
    Location:
    Canada
    #20
    Exactly. It is very secure against 99.9999% of malware out there. Which is Windows malware.

    Further, note that its built-in defenses *help* keep you safe. Help. Not guarantee. They just help, along with safe practices. It all just *helps.* There are no guarantees, and Apple doesn't make any. OS X is *not* insecure, either. There are security features that come with Unix 9and very good ones), including user prompts, and there is a built-in firewall. No current consumer OS is actually "insecure."

    Apple is being completely reasonable with their statements.


    When fanboys are right, they're right.
     
  21. Jason Beck macrumors 68000

    Jason Beck

    Joined:
    Oct 19, 2009
    Location:
    Cedar City, Utah
    #21
    Amen.
    They are not saying it is unhackable, merely they are saying it doesn't
    get PC viruses. There are no constant sweeps and prompts either.
    That ad is 100% accurate and isn't false advertising.

    Besides, when is the last time any of you had an OSX "virus"?
    Secure?
     
  22. maflynn Moderator

    maflynn

    Staff Member

    Joined:
    May 3, 2009
    Location:
    Boston
    #22
    You're right - there's no discussing anything with LTD when it requires the fact that apple isn't 100% right.

    see that's the problem with fanboys. You always think you are right even when you're not.
     
  23. *LTD* macrumors G4

    *LTD*

    Joined:
    Feb 5, 2009
    Location:
    Canada
    #23
    There used to be more viruses for the classic Mac OS, and that's when Macs had far less market share!

    In answer to your query: never. You can surf questionable sites with your firewall disabled and any other OS-level security feature disabled (not counting what comes with your router) and you can be quite confident that you'll never get any sort of OS X malware. And you can also be confident that as long as Windows commands the lion's share of the bulk market (that is, outside the Premium end, since MS to its eternal shame lost control of it) OS X will remain the safest. And by the looks of it, hey, people are calling Windows 7 a good OS. Which means great things for OS X if you espouse the security via obscurity argument. Plus, the $1000+ end of the market can expand, but there is a definite limit, both in terms of that entry-fee, and in terms of Apple not licensing (or rather, not whoring) their OS out to any and all hardware makers. You'll never see enough OS X market share anyway to facilitate even a classic Mac OS level of malware proliferation, much less the veritable sh*tstorm of malware that unfortunate Windows users have to deal with. Again, although Unix has some great security features, I'm letting the security-via-obscurity folks have their day here.

    In fact, Apple can make the claim (easily) that OS X is impervious out-of-the-box to most malware that exists today, since the vast majority of it is Windows malware. It would be completely true.

    2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010.

    Still safe. So tell me, who's wrong again?

    Speaking of "fanboys", your big-ass Fedora avatar is showing.
     
  24. maflynn Moderator

    maflynn

    Staff Member

    Joined:
    May 3, 2009
    Location:
    Boston
    #24
    You

    You have a problem with my avatar?
     
  25. notjustjay macrumors 603

    notjustjay

    Joined:
    Sep 19, 2003
    Location:
    Canada, eh?
    #25
    This is the second time I've said this in as many weeks, but... as much *LTD* may say things that I don't agree with, he's not wrong in this one. Nowhere does Apple say that OS X or Safari is "unhackable" and it IS safer than Windows.

    He's not wrong on this one.
     

Share This Page