Warning to all Safari users.....
Pwn2Own hacker: Apple Safari is 'easy pickings'
Charlie Miller, the security researcher who won last year's Pwn2Own hacker contest, is predicting that Apple's Safari browser will be the easiest target this year.
In a note posted on the popular Daily Dave mailing list, Miller describes Safari as "easy pickin's" and forecasts that at least four zero-day Safari flaws will be used during the contest at CanSecWest later this month...
- Safari: hacked by 4 different people. Easy pickin's as usual.
- Android: hacked by 1 person. Not too tough but no one owns one.
- IE8, Firefox: Survive unscathed. The bugs to exploit equation is too hard for $5k.
- iPhone, Symbian: Survive due to non-executable heap.
- Blackberry, Windows Mobile, Chrome: I don't know enough to say anything intelligent. That said, they're probably hard/obscure and so survive.
Safari predicted to be the easiest target this year...
Discussions
10 years ago
WHAT!
Reply 10 years ago
Just make sure it stays up to date if you use it. ;-)
Reply 10 years ago
Ok thanks!
10 years ago
Hackers can get by anything no matter how hard people try to stop them. As long it's connected to the internet. It's just how much time and effort they are willing to spend.
Reply 10 years ago
Well, first off, those that hack, are not necessarily malicious, so if you mean malevolent hackers, known as Crackers, yes, there are ways to prevent pretty much anything except cracking from the actual physical location of the computer, but in nearly every one of those cases, it causes great inconvenience to the owner of the computer also. However, it really DOES have more to do with where one goes, and what one opens, then anything else; in the long run.
10 years ago
what is a good software for preventing this? Is macscan good? I currently use clamXav but doubt it really does anything.
Reply 10 years ago
A good firewall (like from CheckPoint) is a must. But the most important thing after having all the safety checks in place, is where one surfs, and what one opens (like what attachments and whose emails). The best thing one can do is to keep everything updated (patched). There are programs out there for those not savvy to computers, that will check to make sure you have the latest version and patches.
Reply 10 years ago
oh awesome! I will definitely check it out, thanks!
Reply 10 years ago
Tarzioo, the following is one I use to keep my programs up to date and patched....
Secunia PSI
10 years ago
Do you mean the hackers can get into people's computer via Safari?
Reply 10 years ago
yeppers...there was (possibly still is) a way to hijack via quicktime and such programs through their update utility(i think)...never think your safe...
Reply 10 years ago
Well, I am safe (for now). With help of little snitch, I now have manual control what information can come or leave my computer. In other words, I can deny my information going to a place with a very strange names and numbers together and allow my information pass to to a trusted place. It is hard work, but is is better than strangers reading your personal information.. :-)
Reply 10 years ago
the only safe computer is a computer that doesn't exist, while this is an exageration, it is very true....whats the program called?
Reply 10 years ago
The program is called Little Snitch
Reply 10 years ago
o...i see... :P
Reply 10 years ago
Until it is patched, and then it is patched until another weakness is found....
10 years ago
Safari may be the easiest, but is it likely to attract most attention? While IE still has the largest share surely it's still the biggest target?
L
Reply 10 years ago
yea thats more likely but anyway the easiest way to infect a large amount of users is making them download and run stuff volunteerly. no os and no surfboard and no antivirus can protect a dumb user (unless the computer or os is so limited that its technically impossible to run custom stuff on it - thats not the case with most devices)
Reply 10 years ago
As Ron White would say: you can't fix stupid....
Reply 10 years ago
YESS!....so true...so very true
Reply 10 years ago
Oh yes, circulating junk-e-mail for one. Embedding stuff in web-pages downloads and video clips is something else though, that's more like "keep to well-lit areas of the 'net". And you don't have to be so dumb to get caught by that sort of thing. L
Reply 10 years ago
downloads and video clips are actually something else. if i download a video clip and open it it opens in the video player and not as executable sure if my player has appropriate flaw (that can somehow make it execute binary code hidden in the video) i can get infected from it but its not really tricking me to run stuff on the computer
Reply 10 years ago
Some things do embed in video clips (I'm not going to research this now but I'm fairly confident it's true) This does count as tricking you to run stuff on the computer L
Reply 10 years ago
kinda like the 25th frame effect ?
Reply 10 years ago
. The 25th frame is a subliminal effect. L is talking about malware embedded in videos and other files. They cause the media player (or word processor, &c) to do bad things.
Reply 10 years ago
i would not call an exploited video tricking you to run stuff on the computer
tricking is when it actually tricks you to do something
what you mean is not tricking the user - its actually exploiting secuity issues of the computer and not its user
i expect my player to be secure. so i dont think twice before i open video files in it. i dont intentionally run stuff i downloaded and dont trust
Reply 10 years ago
(I forget, but you may be right there) L
Reply 10 years ago
Yes, but FF is always growing, and there are those that prefer easier targets over more widely used. Security by obscurity doesn't work.
Reply 10 years ago
"Miller exploited a Safari flaw" - the flaw will be fixed. Just as Microsoft fixes it's flaws when they are exposed. Using Safari doesn't put a person at any greater risk in real terms (over a reasonable period of time). L
Reply 10 years ago
Yes, it is as gmjhowe said, it is the user that creates most of the risk...online.
10 years ago
Well, if you read the full story, they didn't 'hack' it the quickest.
They used an existing security flaw, hence why more people managed it. The bug was already known. Its like hacking an OS, when you read about someone who had hacked the password.
Despite that, i do admit that safari is not perfect. I still prefer the security of Mac os x in general. Firevault is a great feature that mac has had for many years, and is finally being copied by windows.
note - i just wanted to comment and say my thoughts, i will not respond to any replies, as i don't wish to have windows fanboys flaming me
Reply 10 years ago
WTF WINDOWS > MACS LOL U SUCK MAC FANBOY LOL
(jk)
Reply 10 years ago
gmjhowe, shall we flag him? or flog him LOL
Reply 10 years ago
I would flag him, but because he said (jk), I am not too sure if I should do it...
Reply 10 years ago
It was a genuine jk.
Reply 10 years ago
macs > windows (yes,i've tried a mac but i use windows)
Reply 10 years ago
'Tis ok ;-) but you need to pick up a copy of The 2600 now and then ;-) One of the truest things ever said about anyone online is: the system believed to be completely secure is probably one of the most vulnerable.
Reply 10 years ago
Which is why although i am happy to have a secure system. A bigger truth is its not the system that makes a computer secure or vulnerable, Its the user.
Reply 10 years ago
Indeed, which is why my statement is so true.....you definitely GOT IT :-)
10 years ago
Why are so many people switching to macs? Aarrgh! (don't answer that question, I know why)
Reply 10 years ago
I want a mini.
Reply 10 years ago
Miller exploited a Safari flaw to hijack a fully patched MacBook Pro machine.
10 years ago
I have Firefox and iphone. Im safe.
Reply 10 years ago
Well, as noted elsewhere, those that feel secure, probably are the least secure...normally, users, are the main problem...
Reply 10 years ago
Reply 10 years ago
well, I think the main problem is my mom. She actually fell for a virus scan scam. Luckily she has a limited account and I stopped it.
10 years ago
GOOGLE HUSSLE AND GET CHROME FOR MAC OUT ALREADY!!
Reply 10 years ago
Last year, Miller exploited a Safari flaw to hijack a fully patched MacBook Pro machine.