Safari hacked first at pwn2own is a total JOKE!

Discussion in 'Mac Apps and Mac App Store' started by munkery, Mar 9, 2011.

Thread Status:
Not open for further replies.
  1. munkery, Mar 9, 2011
    Last edited: Mar 9, 2011

    munkery macrumors 68020

    munkery

    Joined:
    Dec 18, 2006
    #1
    So much for the Safari hacked first headlines.

    Easy to be hacked first when the browsers are not attacked all at once but one at a time with Safari being first.

    EDIT: Obvious troll, I know, but a lot of Fanboy haters like to bring up the whole hacked first thing in relation to pwn2own like being hacked first is meaningful.

    Obviously, being hacked is not a joke.
     

    Attached Files:

  2. MisterMe macrumors G4

    MisterMe

    Joined:
    Jul 17, 2002
    Location:
    USA
    #2
    Whether it is "attacked" first or last is really not the issue. The reports of the Pwn2Own contest makes it clear that the "hackers" prepared for weeks to do what they did. The issue is that in the "contest" these browsers are usually not "attacked" at all. They are cooperative targets.
     
  3. munkery thread starter macrumors 68020

    munkery

    Joined:
    Dec 18, 2006
    #3
    Chrome survived day one. Luckily, Safari will soon be based on Webkit2 with a similar sandbox to Chrome.

    Right now Safari only sandboxes plugins. The rendering (webkit - safari exploited today via webkit) and scripting engines are not sandboxed in the current Safari.

    Chrome sandboxes all these components and so will Safari once based on Webkit2.

    IE's sandbox (protected mode) was bypassed today during pwn2own.
     
  4. Consultant macrumors G5

    Consultant

    Joined:
    Jun 27, 2007
    #4
  5. munkery thread starter macrumors 68020

    munkery

    Joined:
    Dec 18, 2006
    #5
    True, the individual scheduled to test Chrome did not show. Maybe due to recent update plugging hole or just unable to get a reliable exploit working in time for the contest due to Chrome's more extensive security mitigations.

    Chrome is listed as a sponsor as they will pay the individual that hacks Chrome over and above the amount allocated by cansecwest. Seems like Google is providing incentives to be targeted in a manner that would negate bias. No?
     
  6. roadbloc macrumors G3

    roadbloc

    Joined:
    Aug 24, 2009
    Location:
    UK
  7. Tarzanman macrumors 65816

    Joined:
    Jul 16, 2010
    #7
    Being hacked first isn't meaningful.... what IS meaningful is this news in the face all of the clueless users who claim that macintosh is more secure than other platforms.
     
  8. StefSSU macrumors regular

    Joined:
    Jul 18, 2009
    Location:
    London
    #8
    Seriously? Security issues aside, IE8 is a terrible, terrible browser. I only resort to IE when I need to access a particular company web login. And only then because it works marginally better. Ask any web developer, and they will tell you how much of a pain it can be to get your beautiful new css3 html5 site to work and not look rubbish in IE.

    That said, IE9 looks good. At least I think it does, I don't know because for some reason I can't download/install it on either my 32bit Win 7 virtual machine or my 64bit Win 7 boot camp drive.
     
  9. MacDawg macrumors P6

    MacDawg

    Joined:
    Mar 20, 2004
    Location:
    "Between the Hedges"
    #9
    If you happen to be keeping score, add me to your list of "clueless users who claim macintosh is more secure than other platforms", but I would prefer my T-Shirt read "OSX" instead of Macintosh, oh, and I would like my T-Shirt to be XL... thanks.
     
  10. nefan65 macrumors 65816

    nefan65

    Joined:
    Apr 15, 2009
    #10
    EVERY OS and Browser is vulnerable. Don't fool yourself into thinking that your safe, or your system is not prone to vulnerabilities.

    Virus is way too lose a term used. Like others have said, there a no KNOWN viruses for OS X in the wild. Doesn't mean that there aren't any...just none in the wild at the moment.

    That said, I agree these events are a biased and ridiculous. They have 2 weeks to focus on a specific vulnerability, and they write something to exploit it. Not something most hackers are focused on. Really...think about what most are trying to do? They either want to steal something [$$, information, etc.], or have an axe to grind [ala "I Hate <<<INSERT COMPANY/ENTITY HERE>>>"]. If you use common sense, keep your system up to date, and stay away from shady sites, you'll be fine.
     
  11. MisterMe macrumors G4

    MisterMe

    Joined:
    Jul 17, 2002
    Location:
    USA
    #11
    Until you can get the number of MacOS X exploits above zero (0), this is just alarmist bunk.

    Earth to negan65: none in the wild at the moment means none at all. Do you honestly believe that there is some secret virus hiding in the weeds waiting for just the right moment to pounce? Really?
     
  12. munkery thread starter macrumors 68020

    munkery

    Joined:
    Dec 18, 2006
    #12
    All OS have vulnerabilities in client software that parse a lot of data types, such as web browsers, office suites, & etc.

    But, OS X has a very low incidence rate of privilege escalation to the system level which is required to install malicious software in security sensitive areas of an OS.
     
  13. roadbloc macrumors G3

    roadbloc

    Joined:
    Aug 24, 2009
    Location:
    UK
    #13
    All I wish to do is browse the web. So I just use the OS default. That's Safari on my now non-existant mac as I sold it, IE on my Windows Laptop and Firefox on my Ubuntu server.

    All work fine. Each one has different strengths and flaws both under the hood and in design, but at the end of the day, I can still browse the web no problem with any of them.
     
  14. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #14
    From:
     
  15. ksgant macrumors 6502a

    ksgant

    Joined:
    Jan 12, 2006
    Location:
    Chicago
    #15
    It gets worse, according to Ars Technica the version of Safari was "frozen" from a week ago, so it didn't even include the patches that came out a day before the pwn2own event.

    Google was hosting the event, so naturally things are going to be different. Also, from the article, Chrome was allowed to update...even though the person that was suppose to break it didn't show up:

    Full article here:
    http://arstechnica.com/security/news/2011/03/pwn2own-day-one-safari-ie8-fall-chrome-unchallenged.ars
     
  16. dejo Moderator

    dejo

    Staff Member

    Joined:
    Sep 2, 2004
    Location:
    The Centennial State
Thread Status:
Not open for further replies.

Share This Page