Linked by Thom Holwerda on Fri 20th Mar 2009 13:51 UTC, submitted by google_ninja
Privacy, Security, Encryption Fresh from winning the PWN2OWN contest yesterday, Charlie Miller has been interviewed by ZDNet. He talks about how Mac OS X is a very simple operating system to exploit due to the lack of any form of anti-exploit features. He also explains that the underlying operating system is much more important in creating a successful exploit than the bowser, why Chrome is so hard to hack, and many other things.
RE: Exploits on OSX "just work"
by MikeekiM on Sat 21st Mar 2009 14:47 UTC in reply to "Exploits on OSX "just work""

Is this guy on Crack?

Address Space Randomization ain't the Panacea this guy makes it out to be:

http://crypto.stanford.edu/~nagendra/papers/asrandom.ps

Address-space randomization is a technique used to fortify systems against buffer overflow attacks. The idea is to introduce artificial diversity by randomizing the memory location of certain system components. This mechanism is available for both Linux (via PaX ASLR) and OpenBSD. We study the effectiveness of address-space randomization and find that its utility on 32-bit architectures is limited by the number of bits available for address randomization. In particular, we demonstrate a derandomization attack that will convert any standard buffer-overflow exploit into an exploit that works against systems protected by address-space randomization. The resulting exploit is as effective as the original, albeit somewhat slower: on average 216 seconds to compromise Apache running on a Linux PaX ASLR system. The attack does not require running code on the stack.

We also explore various ways of strengthening address-space randomization and point out weaknesses in each. Surprisingly, increasing the frequency of re-randomizations adds at most 1 bit of security. Furthermore, compile-time randomization appears to be more effective than runtime randomization. We conclude that, on 32-bit architectures, the only benefit of PaX-like address-space randomization is a small slowdown in worm propagation speed. The cost of randomization is extra complexity in system support.

-----------

Vista has its problems with ASLR as well:

In a nutshell, Whitehouse found that Microsoft's implementation of ASLR isn't 100 percent effective against automated malware attacks that rely on predicting the memory layouts of loaded programs.

Our research also shows that applications that leverage the Microsoft HeapAlloc() function are not afforded the same level of protection as those that leverage the ANSI C heap allocation API malloc(). As a result, third-party software that explicitly uses Microsoft’s API is potentially more vulnerable to exploitation than software that does not. Also apparent is that using CreateHeap() followed by HeapAlloc() improves the entropy slightly over using malloc() alone. Finally, results show fewer consecutive duplicates than expected in the PEB randomization. This result adds to the evidence that the source of entropy used within ASLR is poorly used.

-------------

One loud mouth, spending a Year to crack a Mac,
does nothing about the Real World CornFlicker Infection.

-------------

In the Real World you're still better off with a Mac, and using VMWare Fusion when you need to run Windows. In Mac Preferences, Security, Firewall, turn on "Allow Only Essential Services", and don't browse this Cracker's web site, maybe install Chrome.

----

But, if you have to go Vista - go 64 bit, for security, except there won't be the drivers you need.

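An added illustration of the entropy argument in the quoted abstract (my own example, not code from the paper or the comment): it computes how many guesses a brute-force derandomization attack is expected to need for a given number of randomized bits, once with the layout fixed for the process lifetime and once with the layout re-randomized after every failed try, and shows that re-randomization gains at most one bit. The 16-bit input and the per-try cost are assumptions used only to relate the numbers to the abstract's 216-second figure.

```python
import math
import random
from fractions import Fraction


def expected_tries_fixed(bits: int) -> Fraction:
    """Layout fixed for the whole attack: the attacker enumerates the
    2**bits candidates without repeating one, so the expected number of
    tries is (N + 1) / 2."""
    n = 2 ** bits
    return Fraction(n + 1, 2)


def expected_tries_rerandomized(bits: int) -> Fraction:
    """Layout re-drawn after each failed try: every try succeeds with
    probability 1/N independently (geometric), so the expectation is N."""
    return Fraction(2 ** bits)


def rerandomization_gain_bits(bits: int) -> float:
    """Security gained by re-randomizing, in bits. Tends to 1 from below,
    which is the abstract's 'at most 1 bit' claim."""
    ratio = expected_tries_rerandomized(bits) / expected_tries_fixed(bits)
    return math.log2(float(ratio))


def expected_seconds(bits: int, seconds_per_try: float, rerandomize: bool = False) -> float:
    """Wall-clock estimate for a given per-try cost (an assumed input)."""
    tries = expected_tries_rerandomized(bits) if rerandomize else expected_tries_fixed(bits)
    return float(tries) * seconds_per_try


def simulate_mean_tries(bits: int, rerandomize: bool, trials: int = 2000, seed: int = 1) -> float:
    """Monte Carlo check of the two closed forms with a seeded RNG."""
    rng = random.Random(seed)
    n = 2 ** bits
    total = 0
    for _ in range(trials):
        if rerandomize:
            tries = 1
            while rng.randrange(n) != 0:  # any fixed guess; layout re-drawn each try
                tries += 1
        else:
            tries = rng.randrange(n) + 1  # enumerate in order; hit at the secret's position
        total += tries
    return total / trials


if __name__ == "__main__":
    # Assumption: 16 randomized bits (PaX mmap base on 32-bit) and ~6.6 ms per try,
    # which is what lines up with the abstract's 216-second average.
    print(expected_tries_fixed(16), rerandomization_gain_bits(16), expected_seconds(16, 0.0066))
```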