[ZDnet] Safari/MacBook first to fall at Pwn2Own 2011 - Page 5

post #41 of 56
post #42 of 56
Quote:
Originally Posted by superhead91
This is what I was wondering. If the teams prepare exploits before the actual competition, then why is it such a big deal if the Safari was exploited first?

Zero day exploits are big news. Apple released a massive security patch beforehand, so if the hackers were using an exploit that was patched they would have to try something else.

The IE exploit looks like it was more complicated as well. It's not something where just visiting a website can take over your system.
post #43 of 56
Quote:
Originally Posted by superhead91
The dude knows operating systems... I doubt he would buy an operating system he thinks is crap... Sigh... Why can't Apple and Windows and Linux lovers all just get along... lol

This is what I was wondering. If the teams prepare exploits before the actual competition, then why is it such a big deal if the Safari was exploited first?

Because Apple hasn't been slapped around like MS was. MS is still "bad" but Apple is flat out robbing people blind. If I didn't fear that their actions are often imitated I would almost marvel at how good their PR department is.

It's not about who gets hacked first, it's about how fast it can be done. I believe it was 5 seconds for the Mac? That's in a test environment so it could be longer in real life but still it gives an indication as to which one is easier to both discover, develop, and deploy security breaches of this nature.

But the greatest hack of all is social engineering. Nothing will ever fix the monkey behind the keyboard. (Says a monkey himself)
post #44 of 56
Quote:
Originally Posted by nathris
Zero day exploits are big news. Apple released a massive security patch beforehand, so if the hackers were using an exploit that was patched they would have to try something else.

The IE exploit looks like it was more complicated as well. It's not something where just visiting a website can take over your system.

Ahh... that makes more sense.
post #45 of 56
Quote:
Originally Posted by RonindeBeatrice
My mother can create a document under her profile, she can delete it, she can run an application from there. Does she have full control of the machine?

"If your mother could create a document under another profile, delete it, and run an application under a different profile, yes, she has full control of the machine."

Sorry, just had to correct what had actually happened with this happen so it could be related to your example with your mother.

@the permissions argument.

While yes, there are different permissions for a system, the ability to run a program and write/read off a hard drive should be enough to run commands to clear any passwords off any user account, in particular administrative accounts. From there it should not be too difficult to do whatever one wished.

Quote:
Originally Posted by nathris
Zero day exploits are big news. Apple released a massive security patch beforehand, so if the hackers were using an exploit that was patched they would have to try something else.

The IE exploit looks like it was more complicated as well. It's not something where just visiting a website can take over your system.

More than likely the new Apple patch did nothing to the exploit used in the Pwn2Own event. Also the reason that was mentioned is because a lot of browser companies will update only after the Pwn2Own event, to prevent them from working hard to crack the new updates.
Edited by AsAnAtheist - 3/10/11 at 3:18pm
post #46 of 56
Quote:
Originally Posted by allenottawa
So far the only uncrackable browser has been Google Chrome...

Didn't Google also pay for users to submit bugs as well? Maybe that helps lol?
post #47 of 56
Last year MacOS was hacked using an exploit that had been known for years. Apple had been warned about it but simply refused to fix it. The criticisms aimed at Apple are not because Windows is unhackable, but because Apple are so busy telling their customers what they want and don't want, while ripping them off, that they don't have time to fix known security holes. Releasing a massive security patch hours prior to the contest starting shows that had this competition not taken place the patch would never have been released. The problem is Apple want to control, not create quality products.
post #48 of 56
Surprised to not see the resident Apple name protectors not coming in to save the day yet.

I'm really not surprised by this though. Security experts have been saying for years how unsecured the mac os really is.
post #49 of 56
Quote:
Originally Posted by gbrilliantq
Surprised to not see the resident Apple name protectors not coming in to save the day yet.

I'm really not surprised by this though. Security experts have been saying for years how unsecured the mac os really is.

I was thinking the same, then went on Dailytech and came across this article. That guy Pirks is so desperately trying to protect Apple he's really easy to wind up. I've never seen anyone go so berserk trying to defend a brand; the good thing is the way he's going he'll have a heart attack soon.
post #50 of 56
Quote:
Originally Posted by allenottawa
So far the only uncrackable browser has been Google Chrome...

It's open source (well, it has Chromium)