Safari hacked first at pwn2own is a total JOKE!

[munkery]

So much for the Safari hacked first headlines.

Easy to be hacked first when the browsers are not attacked all at once but one at a time with Safari being first.

EDIT: Obvious troll, I know, but a lot of Fanboy haters like to bring up the whole hacked first thing in relation to pwn2own like being hacked first is meaningful.

Obviously, being hacked is not a joke.

 

[MisterMe]

So much for the Safari hacked first headlines.

Easy to be hacked first when the browsers are not attacked all at once but one at a time with Safari being first.

EDIT: Obvious troll, I know, but a lot of Fanboy haters like to bring up the whole hacked first thing in relation to pwn2own like being hacked first is meaningful.

Obviously, being hacked is not a joke.

Whether it is "attacked" first or last is really not the issue. The reports of the Pwn2Own contest makes it clear that the "hackers" prepared for weeks to do what they did. The issue is that in the "contest" these browsers are usually not "attacked" at all. They are cooperative targets.

 

[munkery]

Chrome survived day one. Luckily, Safari will soon be based on Webkit2 with a similar sandbox to Chrome.

Right now Safari only sandboxes plugins. The rendering (webkit - safari exploited today via webkit) and scripting engines are not sandboxed in the current Safari.

Chrome sandboxes all these components and so will Safari once based on Webkit2.

IE's sandbox (protected mode) was bypassed today during pwn2own.

 

[Consultant]

Chrome did not "survive." It was untested, due to about half the entries being focused on Apple.

The event is sponsored by Microsoft, RIM, and Google, with a biased goal.

What I wrote about it last year.
http://obamapacman.com/2010/03/pwn2...erence-cansecwest-partly-microsoft-sponsored/

 

[munkery]

Chrome did not "survive." It was untested, due to about half the entries being focused on Apple.

True, the individual scheduled to test Chrome did not show. Maybe due to recent update plugging hole or just unable to get a reliable exploit working in time for the contest due to Chrome's more extensive security mitigations.

Chrome is listed as a sponsor as they will pay the individual that hacks Chrome over and above the amount allocated by cansecwest. Seems like Google is providing incentives to be targeted in a manner that would negate bias. No?

 

[roadbloc]

Who could give a ****?

Posted on IE8.

 

[Tarzanman]

Being hacked first isn't meaningful.... what IS meaningful is this news in the face all of the clueless users who claim that macintosh is more secure than other platforms.

 

[StefSSU]

Who could give a ****?

Posted on IE8.

Seriously? Security issues aside, IE8 is a terrible, terrible browser. I only resort to IE when I need to access a particular company web login. And only then because it works marginally better. Ask any web developer, and they will tell you how much of a pain it can be to get your beautiful new css3 html5 site to work and not look rubbish in IE.

That said, IE9 looks good. At least I think it does, I don't know because for some reason I can't download/install it on either my 32bit Win 7 virtual machine or my 64bit Win 7 boot camp drive.

 

[MacDawg]

Being hacked first isn't meaningful.... what IS meaningful is this news in the face all of the clueless users who claim that macintosh is more secure than other platforms.

If you happen to be keeping score, add me to your list of "clueless users who claim macintosh is more secure than other platforms", but I would prefer my T-Shirt read "OSX" instead of Macintosh, oh, and I would like my T-Shirt to be XL... thanks.

 

[nefan65]

EVERY OS and Browser is vulnerable. Don't fool yourself into thinking that your safe, or your system is not prone to vulnerabilities.

Virus is way too lose a term used. Like others have said, there a no KNOWN viruses for OS X in the wild. Doesn't mean that there aren't any...just none in the wild at the moment.

That said, I agree these events are a biased and ridiculous. They have 2 weeks to focus on a specific vulnerability, and they write something to exploit it. Not something most hackers are focused on. Really...think about what most are trying to do? They either want to steal something [$$, information, etc.], or have an axe to grind [ala "I Hate <<<INSERT COMPANY/ENTITY HERE>>>"]. If you use common sense, keep your system up to date, and stay away from shady sites, you'll be fine.

 

[MisterMe]

EVERY OS and Browser is vulnerable. Don't fool yourself into thinking that your safe, or your system is not prone to vulnerabilities.

Until you can get the number of MacOS X exploits above zero (0), this is just alarmist bunk.

Virus is way too lose a term used. Like others have said, there a no KNOWN viruses for OS X in the wild. Doesn't mean that there aren't any...just none in the wild at the moment.

Earth to negan65: none in the wild at the moment means none at all. Do you honestly believe that there is some secret virus hiding in the weeds waiting for just the right moment to pounce? Really?

 

[munkery]

All OS have vulnerabilities in client software that parse a lot of data types, such as web browsers, office suites, & etc.

But, OS X has a very low incidence rate of privilege escalation to the system level which is required to install malicious software in security sensitive areas of an OS.

 

[roadbloc]

Seriously? Security issues aside, IE8 is a terrible, terrible browser. I only resort to IE when I need to access a particular company web login. And only then because it works marginally better. Ask any web developer, and they will tell you how much of a pain it can be to get your beautiful new css3 html5 site to work and not look rubbish in IE.

All I wish to do is browse the web. So I just use the OS default. That's Safari on my now non-existant mac as I sold it, IE on my Windows Laptop and Firefox on my Ubuntu server.

All work fine. Each one has different strengths and flaws both under the hood and in design, but at the end of the day, I can still browse the web no problem with any of them.

 

[GGJstudios]

Virus is way too lose a term used. Like others have said, there a no KNOWN viruses for OS X in the wild. Doesn't mean that there aren't any...just none in the wild at the moment.

According to noted computer virus expert Paul Ducklin, in order for a virus to be considered in the wild, "it must be spreading as a result of normal day-to-day operations on and between the computers of unsuspecting users." This definition excludes "proof of concept" code that is used in a testing situation under strictly controlled conditions, and which poses zero threat to average computer users.

From:

Mac Virus/Malware Info​

 

[ksgant]

It gets worse, according to Ars Technica the version of Safari was "frozen" from a week ago, so it didn't even include the patches that came out a day before the pwn2own event.

Apple released Safari 5.0.4 a day ahead of the competition, patching some 60 security holes in the browser. However, this year the rules have been altered: the configuration was frozen a week ago, hence the competition being run against Safari 5.0.3.

Google was hosting the event, so naturally things are going to be different. Also, from the article, Chrome was allowed to update...even though the person that was suppose to break it didn't show up:

The third browser to be tested was scheduled to be Chrome. However, the contestant registered to attempt the attack did not show up, so the browser remains unbeaten. One possible reason for this is that Google published a Chrome update yesterday, closing at least 24 security flaws.

Full article here:
http://arstechnica.com/security/news/2011/03/pwn2own-day-one-safari-ie8-fall-chrome-unchallenged.ars

 

[dejo]

Please continue discussion in Front Page News story:
Researchers Exploit Safari Security Hole in Five Seconds at PWN2OWN