IE8, Safari, iPhone All Fall At Pwn2Own Contest
SpuriousLogic writes "The annual Pwn2Own contest at CanSecWest is underway, and on the first day Web browsers fell to attack. Internet Explorer 8 and Firefox 3.6.2 on 64-bit Windows 7 and Safari on OS X all were forced to run exploit code. To add insult to injury, an iPhone was cracked and the SMS database lifted from it."
Updated 22:40 GMT by timothy: CWmike adds this interesting bit: "The only researcher to three-peat at the Pwn2Own hacking contest said on Thursday that security is such a 'broken record' that he won't hand over 20 vulnerabilities he's found in Apple's, Adobe's and Microsoft's software. Instead Charlie Miller will show the vendors how to find the bugs themselves."
Title misleading maybe... just a bit? Firefox got owned as well.
all were forced to run exploit code.
I wonder if they can sue for rape or at least some form of sexual harassment.
Apparently none of them wanted to take on Google Chrome..I believe no one was able to crack it last year.
It is no coincidence that in no known language does the phrase 'As pretty as an Airport' appear.
... these guys (and gals?) all know what they are going to try before they ever get to this contest. It's not like they discover all these vulnerabilities during some epiphany once they arrive.
On the other hand, these security holes are real and need to be addressed by anyone and everyone that was shamed (this means MS, Apple, Mozilla, everyone) pronto!
is the firefox exploit windows x64 only? or is it an exploit in the common firefox code?
why does cracking the iphone add insult to injury? seems like you're throwing about cliches for the hell of it
capture: wetness... it's what slashdot makes me feel in my pants
I find it interesting that the IE exploit was published for the world to see, but the Mac and Firefox hacks have been held back.
I feel for the Apple Fanboi's who won't be getting any sleep tonight...coming up with a defense for why their flagship product got pwned. Newsflash: nothing is secure.
If it ain't broke, DON'T fix it.
It was already known and acknowledged by Microsoft that their ASLR implementation on 32-bit Windows was rather weak, but apparently the 64-bit version of it can be bypassed as well, as all of the hacks of pwn2own on Windows 7 made use of return-to-libc attacks, which should be impossible on systems with address space layout randomization.
Pretty good is actually pretty bad.
The exploits were of course not found in the 5, 10 or 15 minutes advertised. They were all worked on for weeks, and even months, and were well-tested and prepared before being executed at the contest like a rehearsed stage play. Also worth noting is that the reason behind "Chrome only browser that withstood security breach" was that NO ONE TESTED CHROME AT ALL. I give this particular "Pwn2Own" show no credibility whatsoever because of these details.
Article is so poor in detail :(
Who logs in to gdm? Not I, said the duck.
You're trolling, but...
Pwn2Own's crowd of whitehats is a drop in the bucket. Trying to eliminate all attackers by killing a single roomful of the good guys would be a pretty useless move.
How about you go rewrite WebKit/Gecko with HTML5 support and see how easy it is.
Is this another benign Safari hack that has no real world application, or another one where you need physical access to the box, or another that is already patched in the newer releases? What does "were forced to run exploit code" mean? It says "hacked into a MacBook." Is this another vulnerability in a 3rd party wireless driver? I'm not saying that it's not legit, but "Safari on OS X" without versions and details doesn't tell me a whole lot. Sounds like BS to me.
The only thing worse than a Democrat is a Republican.
Yeah, especially in BASIC.
for his paper written on the plane ( and for his exploit ). Gawd knows how hard it is to write anything decent while travelling on a fucking plane.
Religious speak to God. Insane are spoken to by God. When all shut up, one can finally hear Shostakovich in peace
There's an old saying about not killing the messenger...
These comments are my own and do not necessarily reflect the views or opinions of my employer or colleagues...
Instead Charlie Miller will show the vendors how to find the bugs themselves.
Well, there's an idea. Is it something that really can be taught?
the very fact that these people know what to do beforehand is proof that app security is generally terrible.
Well, I think you have a very good point there - but on the other hand, the developers do have to prioritize the work they do. Finding and fixing a serious, but hard-to-discover security flaw before this flaw has become widely disseminated may not be worth the effort. In principle "security through obscurity" isn't a good policy but in practice it's often good enough. If the software has a serious flaw but nobody knows about it, that's good enough, at least temporarily.
Bow-ties are cool.
Unfortunately for the messenger, sometimes they are the only ones at hand for some violence.
Back to what? 10 and 20 years ago it was way easier to exploit computers; we are better, not good enough but better
I'm positive, don't believe me look at my karma
So if you're such a badass programmer please link to your assembly-coded web browser that contains zero exploits. Oh, you don't have one and you're just a posturing tard? Yeah, that's what I thought.
While I'm all for tight code where every byte is important, one could just as well argue that languages used aren't high-level enough.
Operating systems and apps are often coded in languages like C or C++, that allow a lot of things, which turn into vulnerabilities down the road. Assembly is king of this: it allows a programmer to do anything, including things that aren't safe, smart or correct. No matter how good the code you produce or how comprehensive your testing procedures are, the sheer size of software systems guarantees a number of bugs to be lurking.
Personally I think that security is dead as long as these languages are the tools, testing code is the norm (vs. some sort of formal verification), and coders are looking for bugs rather than proving they're not there. Fixing this will take a combination of new methods for building software, new design principles to manage system complexity, and safe(r) languages to write the code in. There's a lot of research around (see seL4 microkernel or Coyotos for example), but results rarely find their way into mainstream products. There's a long way to go still... or users just don't care enough.
Isn't your point about Chrome invalidated by your point about the time taken?
Did no one attack Chrome because none of these researchers had an exploit that would work against it?
There are no trails. There are no trees out here.
Chrome is still a minority product. IE, FF and Safari are the main players these days. Where are you going to draw the line, Lynx? The fact is, the biggest browsers still have pathetic security. Particularly Safari, which is beaten within seconds every year, and the usual winner stating there are tons of holes in it waiting for later competitions.
Chrome is more used than Safari.
I believe what you really meant to say was that we shouldn't fall into the trap of believing that Chrome is actually safer due to the fact that no one really targeted it in this contest.
I've done my share of "Digital Combat Exercises" and you are correct that we should only view the contest as a verification that flaws exist, and not as a certification that a particular platform is safe.
For my first competition, my team concentrated on all the Windows machines on the network because we had a list of known exploits and figured that we could exploit them the quickest and therefore accumulate the highest score possible within the time limits. All teams used the same strategy, and the Linux machines weren't even targeted. This wasn't because Linux was safer, it was because we all knew Windows was a softer target. This made for some very close final scores.
For the following year's contest (which I couldn't participate in due to a schedule conflict), my old team paid attention to the known exploits for Linux and started targeting them to guarantee a larger lead going into the final minutes of the contest.
I think you'll see this pattern in all "hacker" contests. Each year more platforms will fall as each team strategizes on what will give them the edge during the time allotted. You'll probably see Chrome fall next year. Look at Safari in Pwn2Own, it wasn't until 2 years ago before people started to seriously attack it for the points.
Chrome is in the list of targeted browsers, but apparently nobody tried it...
That's analogous to suggesting that getting rid of all the drug-sniffing dogs will cut down on drug smuggling. What kind of world do you live in where the argument "If I don't know about it, then it must not exist!" is considered logical?
I've abandoned my search for truth; now I'm just looking for some useful delusions.
Why would you ever imagine something called "Pwn2Own" might ever have credibility in the first place?
"However, neither the Firefox nor the IE 8 exploit could overcome the sandboxing features in Windows 7 Protected Mode."
big, good, relevant, no, yes?
You make it seem like there's more to the saying that we're supposed to recall. Like, we lean back and think for a second, and then our eyes light up as we have an epiphany about how that multi-part proverb that relates to not killing the messenger is the perfect metaphor for the OP's lack of analytical thought.
.
When, in reality, the entire proverb is:
Don't kill the messenger
So I vote we come up with some new clauses to add to that proverb. Like:
Don't kill the messenger, lest he rise from the dead with a hunger for brains.
Or:
Don't kill the messenger, because he might not have given you the whole message yet, in which case you have less information and so you might make an uninformed decision.
"Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
In a related story, AT&T spins a lack of network coverage as a security feature!
As secure and hardened as they can make them, 100% standards compliant. And then cry and whine like little bitches as everybody sneers and calls them pathetic lamer noobs because their browsers totally suck at delivering content.
If you were blocking sigs, you wouldn't have to read this.
Assembler, by a rule, is just harder. Most 'programmers' couldn't understand the machine's native language if their life depended upon it. They are relying upon someone else's code to translate down to that, and if those methods are flawed they're screwed.
All security begins with the basics, and for computing devices, that basic is their native machine language. If you ignore the basics, you're going to be fucked later on.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
I work silicon, not software. I don't get exploited, nimrod, because I leave nothing for anyone to exploit.
This wasn't because Linux was safer, it was because we all knew Windows was a softer target.
Uh?
This wasn't because Linux was safer, it was because we all knew Windows was a softer target.
Whoa, whoa, WHOA. Just stop right there, Bill. I'm going to have to teach you a thing or two about what you're allowed to write here on Slashdot. Now give me a second to get on my high-horse.
Reasoning is not welcome here.
That's right Bill. We don't need your reasoning here. We know we are right. This is Slashdot! We are the tech community. We know our OSes. We know our software. Just because of some contest with some rules and some teams that want to win the contest by the rules doesn't automatically invalidate our knowledge and wisdom as Slashdot.
Linux is more secure because it is open source and licensed under the GPL. It doesn't matter if it is still unsafe by your standards.
You see, Bill, we on Slashdot do not need to review the source code of Linux because we have declared it safe. Why is it safe? Because it is GPL. And everyone knows the GPL is safe. Therefore Linux is safe, Bill.
IE8 is mentioned first because it is owned by Microsoft, and Microsoft is evil due to historical technology atrocities against other for-profit software corporations. Therefore IE8 is the worst piece of software ever to exist.
So the reason why IE8 falls faster is not because you and your team thought the Microsoft product was "softer". It was because it was the spawn of the devil! Even wackos know the spawn of the devil should be hacked first. Don't you agree?
Firefox is not listed in the title because we need to get a head start on bashing proprietary software rather than reading the summary.
As a real Slashdotter, I pride myself in not reading the article let alone the summary. The title effectively summarizes the direction of all comments in the thread. And that direction is to bash proprietary software, starting with Microsoft first.
Here's a tip, Bill. The headline on Slashdot should give you a hint at what kind of comment you should post on Slashdot. If you are not capable of discerning that from the title, only then may you read the summary. Reading the article is only reserved for picking out additional points to backup your original claim, not to invalidate Slashdot's wisdom. And that would never happen because Slashdot's wisdom is never wrong in the first place.
Apple and Google are bad... but did you know that OSX is really UNIX and Webkit and Chrome are open source?
See, once again open source products are good for you. You should use open source products!
I hope that clears things up, Bill. Please refrain from posting useless comments in the future.
Thanks,
/.
Are you just trying to further prove my statement that you're a posturing tard? Because you aren't doing anything to invalidate that. Until you can pump out a browser that can support all web standards and all the plugins that these browsers in all the assembly languages that these browsers support you're just a blowhard.
"If I don't know about it, then it must not exist!"
I gather that is a paraphrasing of "what you can not see can not hurt you", which is more accurately "what you can not perceive can not effect you" which oddly enough is an actual fact.
Now I'm not saying this is how we should handle security, just say it is actually a valid statement.
It's also not what the GP was saying. They were saying that if we kill all the people that are smart enough to exploit the security holes then we would need not be concerned with anyone exploiting those security holes. Which also happens to be a fact, but seems like a lot of wasted intelligence.
The folks who make Exploder 8
vs.
The folks who make Firefox
Putting all the server/database exploits aside. The whole client process of pushing a value in and seeing if it breaks will never go away. Web browsers are one of the worst possible tools to secure. The nature of their job seems to predict failure. As soon as some creative web monkey pushes the envelope another exploit is found. The Gecko and Trident engines can be pushed to break over and over. Chrome and Safari are not any different. You can follow the standards as much as you like. At the end of day these tools are reading XML and Script and rendering/compiling. If you consider a browser for what it is, most of them have come a long way. I remember when a harsh sneeze would cause catastrophic failure and crashing =)
LMFAO. If I could, I would mod you funny.
It's not that I can't understand it, it's that I can't read it. Alas, I simply cannot tell the difference between 2.8V and 0V.
I can't perceive hydrogen sulfide gas, but it can sure as hell affect me.
Just FYI, you don't get that many characters to work with in Slashdot headlines. They actually couldn't have listed all of them, so they appear to have listed as many of the shorter names as they could in the headline.
Try submitting a story sometime and you'll see what I mean...
How about:
IE8, Safari, FF, iPhone All Fall At Pwn2Own
It has fewer characters.
Or, focus on one area: IE8, Safari, Firefox all Fall At Pwn2Own
And they didn't bother to mention Firefox in the description either, which clearly had enough space to include the word "Firefox."
So if you're such a badass programmer please link to your assembly-coded web browser that contains zero exploits. Oh, you don't have one and you're just a posturing tard? Yeah, that's what I thought.
You don't have to be a master of the subject to be able to point out its flaws. Pointing them out helps to see the problems so they can be fixed. I can tell when a car's engine is not working, doesn't mean that I shouldn't keep quiet about it if I can't build a better one.
Attention... all grammer nazi"s! Is they're anything; wrong with: my post,
Chrome (on Windows) came out of beta back in 2008.
Why would anyone engrave "Elbereth"?
"But that's not a W3C standard! We shouldn't parse that, that would be immoral!"
Software Engineering is an engineering discipline.
Only when it applies "technical, scientific, and mathematical knowledge to design and implement materials, structures, machines, devices, systems, and processes that safely realize a desired objective or invention."
http://en.wikipedia.org/wiki/Engineering
Most coders don't do engineering, and that's part of the problem. In most other disciplines there are also standards:
I really hate to point this out but ... there are two reasons that, in other
engineering and technological fields, we *do* manage to avoid repeating at
least the reasonably common mistakes:
1. We develop standards and practices that have the force of law.
Electrical circuitry in houses is subject to a variety of such standards.
So is plumbing. [...]
2. We require training and passing of exams *on those standards and
practices*. We enforce this requirement by requiring licenses to work in
many fields - and those licenses depend on passing the exams. [...]
We in the software industry have been leading charmed lives for many years.
We've managed to avoid liability, avoid serious training in good practices,
avoid any kind of standards - all by arguing that this would cramp our style
and keep us from continuing to innovate. Maybe that's true - but we've been
building up a massive debt side by side with all that innovation.
Eventually, that debt's going to come due. If we don't clean up our own
mess, the greater society will come along and do it for us - and the results
won't be pleasant.
Actually, I bet their browsers are gonna suck at security too. It's much easier to find one exploit from 1 million lines of code than to make sure your 1 million lines of code have absolutely no security holes.
Isn't your point about Chrome invalidated by your point about the time taken?
Did no one attack Chrome because none of these researchers had an exploit that would work against it?
I'd like to see whether the exploit was specific to WebKit or the Cocoa layer.
Yeah... with that attitude I wouldn't be surprised to find out that you're the one responsible for the f00f bug.
Bad example since hydrogen sulfide has a very distinctive smell and a direct affect on the nervous system, the system responsible for perception. But excusing that obvious slip, how would you know that something had an effect on you if you could not perceive it?
If you believe wikipedia on its origins, the whole thing might actually be "don't kill the messenger because he's not lying" (In Henry IV, they threaten to kill the messenger because they don't believe his message) .-* The More You Know.
Sure, you can shut your eyes and refuse to perceive the 2-tonne grizzly bear coming to disembowel you, and in that manner it can't effect you. Yet. Until it reaches you and you realise that the feeling of being ripped to shreds as well as your subsequent death is not something you can refuse to perceive. Oh, you wanted a car analogy?
Or, even more accurately, "what you cannot perceive cannot affect you."
Middle management.
It's not that I can't understand it, it's that I can't read it. Alas, I simply cannot tell the difference between 2.8V and 0V.
That's actually easier to tell than you think.
Man who leaps off cliff jumps to conclusion.
>Most 'programmers' couldn't understand the machine's native language if their life depended upon it.
If only that was the criteria for being a programmer, then we wouldn't have to worry about job security.
Whoever modded me a troll obviously did not read the links that I posted. It is a real issue and affected my development environment at work. My 32bit workstation is quite stable but a project that I am working on requires access to copies of production data so we have to do our development on VMs in a separate dev domain and the VM I was given is 64bit to match our target servers. I have useable stability on my VM several hours at a time as long as I run VS 2008 only through that wrapper program and don't kick off the full build script. Eventually, memory corruption problems will bring down either SQL 2008 management studio (has 32bit components) or my wrapped VS 2008 instance. Once the memory is corrupt, I have to reboot the VM.
Jesus was a compassionate social conservative who called individuals to sin no more.
"They are relying upon someone else's code to translate down to that, and if those methods are flawed they're screwed....If you ignore the basics, you're going to be fucked later on."
And the machine code depends on logic circuits which in turn depend on complex software tools that design those circuits, which depend in turn on, blah, blah, blah,.... Sooner or later you have to face the fact that if you can't trust anyone to do their job properly then you're fucked before you even start.
And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
http://www.downloadsquad.com/2010/03/25/pwn2own-2010-google-chrome-is-the-last-man-standing/
Quote by Miller:
"There are bugs in Chrome but they're very hard to exploit. I have a Chrome vulnerability right now but I don't know how to exploit it. It's really hard. They've got that sandbox model that's hard to get out of. With Chrome, it's a combination of things - you can't execute on the heap, the OS protections in Windows and the Sandbox."
I don't get exploited, nimrod
I don't think Nimrod means what you think it means.
This ain't rocket surgery.
As another poster vamman put it the very nature of what a browser tries to do is a time bomb.
The very nature of a web server is the same thing.
Until the web gets itself under control and the people who write browsers and the people who write web servers tell the W3C to shove their wildly horrible specs straight up their ass (yes, a lot of it will be recursive) we will continue to see this sort of thing.
Computers were never designed to be infinitely flexible, which is to say dealing with things like XML and HTML that are not well formed, defined and encapsulated in a rigid structure. Both XML and HTML are completely open ended structures with no real boundaries to bump up against, so the machine simply has to keep allocating and allocating until it finds something that closes a section. If there was ever a recipe for a buffer overrun or a stack overflow this is certainly it.
Web servers still seem to have trouble caging the requests, again part of the indefinitely flexible nature of what has been built. Why of course you will accept a request that is 90kb long, uhmmm oops wait I just exploded.
There are parts of the web mechanism that must be tightly controlled, they must be highly defined and yes they must be highly restrictive. They must be designed with security as the overriding priority and to hell with convenience. Buffer overflows must simply cease to exist. ANY portion of the code that deals with requests coming in must have hard limits built into it as this is the only way to get a handle on this.
The same thing with browsers. There must be hard limits, the rules have to be made and maintained. No more slipping in some code to be able to say, "Hey look at this cool thing I just did!"
Hey KID! Yeah you, get the fuck off my lawn!
The W3C is the problem. Constantly changing specs, incomplete specs, open ended structures, nothing particularly well defined. The whole "We want it to be able to do anything, no matter how hideously designed it is." attitude has to be defeated at all costs. Hmmmm haven't seen the tag yet? Don't worry it will come along any minute now as memory gets consumed at insane rates and the stack overflows or a buffer does.
Failure to do so will simply keep the cycle going.
Not at 3GHz.
Real developers have electrodes attached to their head so that they can read the native machine code directly.
surely a real programmer would lovingly handcraft each bit onto the microprocessor?
failing that I would be interested in seeing this represented through LOGO.
Do you believe that security would be better if applications were coded in assembly, rather than higher-level languages?
I can't see why assembly language makes any difference to coding standards and practices. You can screw up in assembly just as easily as C++, and generally assembly is harder to debug.
Hardware exploits are typically much harder to accomplish versus software, generally because of the straightforward layout of the circuits versus the convoluted nature of software programming.
If you understand the native language for your target machine, you're better off. If the iPhone kept to the same hardware and only updated hardware revisions every once in a while unlike the current every six months or a year nonsense, it wouldn't be too terribly difficult to write bulletproof code and apps.
Yes, since in order to understand assembler you need to understand both the hardware itself and its actual physical limitations, and you need to know the language.
I've got a recompiled MenuetOS install on my desktop, built by a friend of mine that knows a fair bit more about AMD64 than I. I've purposely left it wide-open direct-connect to the cable modem and invited people to hack it when I feel like testing a new module he's made. I still do. It's been bulletproof. I'm waiting for his router module/frontend with much anticipation, as I'm getting sick of my Linksys with DD-WRT and it's being written for Atheros.
It should be noted that they didn't get out of the sandbox of IE8, either. They managed to run arbitrary code within the sandbox, dodging OS protections against that (ASLR & DEP), but it still runs with permission of sandbox identity, which are severely limited - not the user who's running the browser.
Or, focus on one area: IE8, Safari, Firefox all Fall At Pwn2Own
They did focus on one area, the commercial one.
It was very sad that Linux wouldn't be allowed in this year as opposed to last time when nobody could crack it. Regardless of how you measure market penetration it's nice to have it there as a reference point. Anything you pay for should be much better than something you can get for free.
Chrome has an excellent sandbox, especially compared to IE8 and Safari, which makes exploiting stuff very hard even if you know of an open exploit. That nobody even bothered is a testament to that it really works. Nobody hacks at pwn2own, it's done long before the competition starts in reality.
Google Chrome OS is something really interesting and everything up until now points to it becoming one of the most secure OS in a long time. While MacOS X and Windows 7 are a pile of ugly hacks, Chrome OS seems to be built on excellent foundation from a security viewpoint. I really like it how they take the user out of the equation, just in line with Microsoft's security researchers (that Microsoft never seems to listen to).
http://blogs.techrepublic.com.com/security/?p=3275&tag=nl.e036
I normally don't write these comments, but this time I make an exception: that was hilarious! Thanks for that!
You made one mistake though. This is wrong:
This is Slashdot!
It needs to be:
THIS! IS! /.!
How can you say that Windows is a "softer" target than Linux, but Linux is not "safer"? Surely having more exploits that are easily available to any cracker is less safe.
But do correct me if I misunderstand.
Isn't that what I just said, or were you just trying to supply an illustrative example for those that couldn't understand the simplified form?
Whooooosh
Indeed. Writing a web browser is bloody nasty work. Even the standards are hellish to have to implement, and then there is all that non-standard crap floating around the web that you're supposed to be able to handle. To make things worse, to make your browser usable you must also write pretty performant code. And you have to be able to stand up to the flak you will get if you don't beat the competition on JavaScript benchmarks and Acidn tests, don't have someone's favorite Firefox extension available, or don't run on someone's favorite platform. And even if you work with a team of demi-gods and somehow accomplish all that, your browser will still be susceptible to vulnerabilities in plugins and in libraries that it uses.
Really, I have immense respect for the developers of today's leading web browsers. It's a herculean task, and I know it. Keep it up, fellows!
Please correct me if I got my facts wrong.
Funny enough your UID is much higher than his.
Oh, maybe that was what you said. I assumed you meant "what you can not perceive [now] can not effect you [in the future]". Hence the example, which was just pointing out that things can force you to perceive them (which is I guess a sort of effect on you), even if you can't yet perceive them.
Anyway...
I don't even see the code any more, just blonde, brunette, redhead...
If you don't know where you are going, you will wind up somewhere else.
Per my subject-line above? Here is why (& it's the same general reason Linux isn't hit as much as Windows is really - "security-by-obscurity"):
PERTINENT QUOTE EXCERPT (RIGHT FROM THE GENT WHO WAS IN THIS COMPETITION & DID WELL @ IT):
----
http://www.theregister.co.uk/2010/03/25/pwn2own_2010_day_one/ [theregister.co.uk]
"The problem Microsoft has is they have a big market share," said Vreugdenhil, the hacker who attacked IE. "I use Opera, but that's basically because it has a tiny market share and as far as I know, nobody is really interested in creating a drive-by download for Opera. The web at the moment is pretty scary, actually."
----
And, there you are: The actual "hacker/cracker" (security-researcher, whatever you wish to call him in this case) shows you EXACTLY why he uses Opera himself (less targeted, period, because less used).
APK
P.S.=> You guys have to try to understand the mindset of these online malware distributors/botnet masters/exploiters of webbrowsers & such: They are JUST LIKE PICKPOCKETS!
E.G. #1 of 2 (by analogy) -> Pickpockets don't go for "1 on 1" situations, for 2 reasons - probably not as much of a "take"/booty possible, from 1 wallet, vs. an ENTIRE ROOM OF WALLETS (like a subway station or any public thoroughfare, more "target surface area present" is why)... they're criminals online, just like pickpockets are in the streets, & they use the SAME LINE OF REASONING TOO + GENERAL MODUS OPERANDI/MECHANICS, which is "go where the largest crowds gather, because therein lies the MOST OPPORTUNITY"... & if my word's not enough? See the quote above
E.G. #2 of 2 (by analogy) -> So, by the same token & logic above (which criminals all seem to use really) - hacker/cracker types find code that exploits this stuff (scripting problems, fuzzing, SQL Injection etc. et al) & they target the browsers that get used, THE MOST - again, & IF my words ARE NOT ENOUGH? See the same reasons, from the ones doing the hacking/cracking, above & verbatim... apk
I did not know the rules of the Pwn2Own contest, so came up with some things that sounded reasonable:
- first hack counts for more than later hacks.
- new exploits count for more than old ones.
- teams succeeding on a given target (be it OS, service, whatever) split a pool of points; the more teams that target a system, the lower the value overall would be.
Looking at Tipping Point's Pwn2Own 2010 page, I find that they took on most of that:
- (it looks like) first hack on a platform gets all the marbles; no counter-weighting appears to have been done for multiple successes against the same target.
- platforms are weighted, presumably (but not necessarily) in difficulty.
As to "Linux vs Windows", I suppose you might count OS X in that category, as well as Android. I don't personally know if any of the other phones are Linux based. But the only general purpose computer + browser platforms in the browser category were Windows and Mac.
"You don't get it, do you?" - by turbidostato (878842) on Thursday March 25, @09:17PM (#31620558)
No, he doesn't... want ANOTHER example of it, turbidostato, just for laughs? Ok, take a read in the URL from this site, just before he posted his b.s. here too now which you responded to! It ought to be worth a laugh to you, because it was to me & others in that exchange:
I posted this:
http://tech.slashdot.org/comments.pl?sid=1592276&cid=31583826
See that URL above turbidostato, & the mistakes + name-calling & more that geekboy resorts to when he is caught making mistakes, and spouting absolute b.s. on topics of which he has no clue!
It's amazing.
That URL above's also where this bigmouth "script kiddie" who calls himself "geekboy" here was torn apart, point by point he made, not only by myself but also 2-3 others also...
Yet "somehow"? Geekboy got himself "modded up" to +4 informative... yea, "big-trick", that: He obviously keeps more than 1 account & trolls others, and then logs on from his other account and mods himself up.
I mean, lol, for instance - when myself and 2-3 others shot down points, & a couple on which he made mistakes on, admittedly on his part no less... he ends up with a "mod up" for being INCORRECT?? Please...
APK
P.S.=> Give us a break, geekboy - you're not fooling anyone here... apk
Depends on the TYPE of process though man... to be specific about it:
"It cannot. An NT process cannot "corrupt" (whatever that means in this context) the memory space of another process." - by shutdown -p now (807394) on Thursday March 25, @10:39PM (#31621230)
A device driver can... just so you know.
I.E.-> A device driver can reach into ANY usermode/Ring3/RPL 3 level running process & its memory space, & drivers have access to ALL SYSTEM MEMORY (like kernel mode/Ring 0/RPL 0 running programs (drivers & kernel) do)... &, iirc, even KERNELMODE/Ring 0/RPL 0 privilege/ring level process too (like the OS kernel & its subsystems).
APK
P.S.=> This is why MS made the DDK have "proven basic templates" for drivers - for proven working with BASIC functionality to a particular driver type, so board/card makers @ least have a working shot @ a working driver w/ basic functionality working, like VGA mode for instance, for vidcards (then, OEM's with more "enhanced boards" work on providing interfaces (.h files & such usually) to the more advanced/enhanced/exotic functions their boards (if it is a board that actually POLLS a card's interface that is, because there's also filtering drivers too))... apk
Oh, of course. Since we're talking about browsers, though, userspace is definitely assumed here.
"Oh, of course. Since we're talking about browsers, though, userspace is definitely assumed here." - by shutdown -p now (807394) on Friday March 26, @02:40PM (#31630300)
Cool, then "we're on the same wavelength here"... & it NEVER HURTS to be "specific" (lol - especially around HERE! Nitpickers abound, & worse ones than myself!)
APK
Chrome for Windows might be more used than Safari for Windows, but Safari is far more used than Chrome.
An easier way to say this is "One man's shitty work leads to another's."
Humans are terrible replicators of Godly things.
That won't matter unless they can get out of Chrome's sandbox.
There are no trails. There are no trees out here.