With the infamous PWN2OWN contest drawing ever closer, the heat is ramping up. This year's instalment pitches Apple's Safari (on the Mac), Google's Chrome, Internet Explorer 8, and Firefox (all on Windows 7) against one another, while also allowing crackers to take on mobile platforms. Last year's winner, Charlie Miller, who won by cracking Mac OS X within minutes last year, says Safari on the Mac will be the first to fall.
To view parent comment, click here.
To read all comments associated with this story, please click here.
Member since:2005-11-16
"Airport constantly breaking in 10.4.x. It rarely worked perfectly for anyone "
Never had a problem with Airport.
"Network (Finder) constantly breaking entirely in 10.4.x. Never found anyone where it worked well.. "
Worked most of the time for me, works all the time until now with Leopard.
"Radius being mostly unusable in early 10.5.x (might be fixed by now) "
No problem with it, but i understand that some may have issues.
"A spammer sent us an email once to the sales mailing list. Every 10.5.1 Mail client instantly became unusable. I had to clear the emails off each account on the server manually (in fact, that worries me because some of our clients were running hundreds of Mac's). "
Never had that, never heard similar case.
"Apple discourages good security practices.. They prefer to pretend as though OSX isn't vulnerable to anything "
Really? You don't know what you are talking about:
http://www.usenix.org/events/lisa08/tech/hubbard_talk.pdf
http://images.apple.com/server/macosx/docs/Leopard_Server_Security_...
http://images.apple.com/server/macosx/docs/Leopard_Security_Config_...
"Safari isn't really known for its stability.. "
What the proof of that?
"Other things that clearly showed that QA at apple sucks is : "
Yes sure:
http://www.insanely-great.com/news.php?id=10167
So question? Why don't you stop trolling?
"It's an easy target," Miller stated, "Apple's products are really friendly to users, and Safari is designed to handle anything, including all kinds of file formats. With a lot of functionality comes the increased chance of bugs. The more complex software is, the less secure it is."
Miller says again non sense in his usual anti apple speech. Should i recall that the flaw that he exploited last year was not a specific Safari issue but a webkit (already then used by a lot of other projects) issue that he knew it existed since the issue was related to a flaw in the PCRE library originally derived from Perl. The issue was public and he just had to go to see the source code of webkit to check if it was affected. And yes it was, but he didn't do anything amazing, he had the source code, that's after all the benefit of open source code, bugs can be found in a easier way.
So that really makes completely pointless what he is saying now, this is just anti Apple crap.
No i am sure that someone here will say me, yeah but the flaw was in webkit, Apple was responsible of it, bla, bla. Actually even if you could argue that the webkit team should have found the issue before it was discovered as the PCRE code was refactorized in webkit, the bug was not introduced by webkit, but indeed was present in PCRE well before.
The issue was present in webkit in the file pcre_compile.cpp, the code correction was:
before:
if (maxRepeats > 0) length += (maxRepeats - 1) * (duplength + 3 + 2 * LINK_SIZE);
after:
if (maxRepeats > 0) {
repeatsLength = multiplyWithOverflowCheck(maxRepeats - 1, duplength + 3 + 2 * LINK_SIZE);
if (repeatsLength < 0) {
errorcode = ERR16;
return -1;
}
length += repeatsLength;
if (length > MAX_PATTERN_SIZE) {
errorcode = ERR16;
return -1;
}
}
and
before:
length += (minRepeats - 1) * duplength;
if (maxRepeats > minRepeats) /* Need this test as maxRepeats=-1 means no limit */
length += (maxRepeats - minRepeats) * (duplength + 3 + 2 * LINK_SIZE)
- (2 + 2 * LINK_SIZE);
after:
repeatsLength = multiplyWithOverflowCheck(minRepeats - 1, duplength);
if (repeatsLength < 0) {
errorcode = ERR16;
return -1;
}
length += repeatsLength;
if (maxRepeats > minRepeats) { /* Need this test as maxRepeats=-1 means no limit */
repeatsLength = multiplyWithOverflowCheck(maxRepeats - minRepeats, duplength + 3 + 2 * LINK_SIZE);
if (repeatsLength < 0) {
errorcode = ERR16;
return -1;
}
length += repeatsLength - (2 + 2 * LINK_SIZE);
}
if (length > MAX_PATTERN_SIZE) {
errorcode = ERR16;
return -1;
}
Plus some other lines of codes were added to implements those changes. The issue was that Regular expressions with large nested repetition counts can have their compiled length calculated incorrectly and the corrected code was to check for overflow when dealing with nested repetition counts and bail with an error rather than returning incorrect results.
Then by checking the code in the original PCRE, say the version 6.5, you could see those lines of code in pcre_compile.c (again the original code was refactorized in C++ in webkit but here it does not matter, the code meaning related to the issue is the same in C or C++):
line 4863:
if (max > 0) length += (max - 1) * (duplength + 3 + 2*LINK_SIZE);
which corresponds to the first part of the code corrected in webkit above.
And line 4874-4877:
length += (min - 1) * duplength;
if (max > min) /* Need this test as max=-1 means no limit */
length += (max - min) * (duplength + 3 + 2*LINK_SIZE)
- (2 + 2*LINK_SIZE);
which corresponds exactly to the second code correction in webkit above.
Hence the issue was present in the original PCRE and made its way through in webkit.
So given this simple demonstration, Miller's accusation against Apple and his meaningless arguments associated to it makes zero sense. This sounds more to be a sensational speech to attract the bad press.
"He also added that what makes Safari an even more attractive target is the fact that it runs on Mac OS X, which he states lacks several security features that Windows Vista and Windows 7 "
Yes sure, this one really sounds more than an argument for the marketing at Microsoft (maybe even ordered by Microsoft) than a matter of fact. Windows 7 has already lost anyway,
http://www.pretentiousname.com/misc/win7_uac_whitelist2.html
The question is will someone use it during the context? And this is the fundamental issue with this sort of context, it should not be considered as a good indicator of the security of a given platform, they are only showing which platform is targeted first during a security context. Then this will depend on which one will produce the most sensational report in the press.....
"he has an impressive list of exploits he has uncovered, such as the first exploit on the iPhone"
That was also related to webkit, an open source project, what is amazing exactly?
By the way, Miller should also look at this
http://www.usenix.org/events/lisa08/tech/hubbard_talk.pdf
Edited 2009-03-06 09:25 UTC
Member since:2005-07-06
Member since:
2008-01-20
Who said they weren't testing Safari4? Nobody said otherwise. Nice assumption you have made there (congratulations).
Secondly, the only real objections being made against Vista was UAC (which is no different to policykit in Linux and equally as annoying), the speed (because at the time, most people had integrated graphics cards which couldn't support aero) and the drivers (which isn't Microsoft's fault). The biggest change made in Windows 7 is the perception by the crowd. Whilst every Vista owner agrees there are some nice changes, overall, the difference this time is mainly that people are walking in with a possible attitude. The most vocal people this time seem to be WindowsXP users, not Vista users.
I tend to agree with this articles conclusions though. Leopard server really proved it to me. Mrhasbean, FYI, Apple QA is so bad that nothing in Mac OSX Leopard Server worked properly on the first release. It was in fact less stable, and less usable then early Vista Betas. I am not joking, Apache worked, but everything else had serious problems (and even the Apple Fax modem froze Leopard server). And no, I wasn't the only person who found it to be so. It really showed to me some of Apple's QA skills.
Other things that clearly showed that QA at apple sucks is :
- Airport constantly breaking in 10.4.x. It rarely worked perfectly for anyone
- Network (Finder) constantly breaking entirely in 10.4.x. Never found anyone where it worked well..
- Radius being mostly unusable in early 10.5.x (might be fixed by now)
- A spammer sent us an email once to the sales mailing list. Every 10.5.1 Mail client instantly became unusable. I had to clear the emails off each account on the server manually (in fact, that worries me because some of our clients were running hundreds of Mac's).
- Apple discourages good security practices.. They prefer to pretend as though OSX isn't vulnerable to anything
- Safari isn't really known for its stability..
Safari will die first, but #2 is certainly open for debate. Firefox I believe is moving forward so rapidly, and is becoming so broad-scoped that it has a good chance of breaking soon after Safari.
IE progress is so incredibly slow (and it has been combed over so many times by so many hackers), that I think it will be cracked, but not that quickly honestly. That's not a good thing though. IE8's getting closer to standards compliance, but the difference is the same between a Segway and a Ferrari really. But I must agree some of the new IE8 features do look nice (although, its still not enough for me).