barbastrumf
Μέλος
- Εγγρ.
- 5 Απρ 2009
- Μηνύματα
- 12
- Like
- 0
- Πόντοι
- 0
Μάλλον μαλακίες λες. Το link που δίνεις δεν σε αναφέρει.
Ποιόν browser χρησιμοποιείτε;
- Μέλος που άνοιξε το νήμα Galb
- Ημερομηνία ανοίγματος
- Απαντήσεις 443
- Εμφανίσεις 23K
- Tagged users Καμία
- Βλέπουν το thread αυτή τη στιγμή 1 άτομα (0 μέλη και 1 επισκέπτες)
εμενα δε μου τον γνορισεσ,θα καναμε επαγκελματικο μιτριν
χαχαχα κ πάλι σ' ευχαριστώ
Πρέπει να παραδεχτώ ότι κι εμένα μ' αρέσει ΠΟΛΥ το γλύψιμο... αχχ τι να σου κάνω που είσαι αγοράκι, αλλιώς θα σε είχα συνέχεια στην πίπα!
amjik
Τιμημένος
- Εγγρ.
- 12 Μαΐ 2008
- Μηνύματα
- 45.632
- Κριτικές
- 61
- Like
- 43.350
- Πόντοι
- 22.785
αφτο δεν ινε εβγενικο
οχ ,σεμνα κε ταπινα να προσεχοχαχαχα κ πάλι σ' ευχαριστώ
Πρέπει να παραδεχτώ ότι κι εμένα μ' αρέσει ΠΟΛΥ το γλύψιμο... αχχ τι να σου κάνω που είσαι αγοράκι, αλλιώς θα σε είχα συνέχεια στην πίπα!
το κολιτο σου στιλε τον θελο να τον προσλαβο,θα του παρο σινεντεφκσι,θα το κερασο κε κοτο
Μάθε να διαβάζεις ΠΡΟΣΕΧΤΙΚΑ κ να εκφράζεσαι καλύτερα...
Πρώτη φορά σε διεθνές επίπεδο κορυφαίοι επιστήμονες από το χώρο της τεχνολογίας, της πληροφορικής και των κοινωνικών επιστημών, καθώς και εκπρόσωποι του επιχειρηματικού κόσμου και του πολιτισμού, κατέθεσαν τις απόψεις τους για θέματα πολιτισμού και τεχνολογίας, αλλά και για την ανάπτυξη της Επιστήμης του Web (Web Science).
barbastrumf
Μέλος
- Εγγρ.
- 5 Απρ 2009
- Μηνύματα
- 12
- Like
- 0
- Πόντοι
- 0
Και εσύ είσαι μεγάλο σκατό. Εξού και το ''βόθρος''.
Πρόσεχε τις εκφράσεις σου!
Διάβασε ΠΡΟΣΕΧΤΙΚΑ τους Κανόνες Λειτουργίας του Forum, αν θες να συνεχίσεις να συμμετέχεις...
6. Μη χρησιμοποιείτε εκφράσεις που προσβάλλουν:
-Ομάδες ατόμων (π.χ. θρησκευτικές, φυλετικές κ.ά.)
-Δημόσια Πρόσωπα
-Την προσωπικότητα, τιμή, ή υπόληψη προσώπων.
-Άλλους χρήστες του site
Διάβασε ΠΡΟΣΕΧΤΙΚΑ τους Κανόνες Λειτουργίας του Forum, αν θες να συνεχίσεις να συμμετέχεις...
6. Μη χρησιμοποιείτε εκφράσεις που προσβάλλουν:
-Ομάδες ατόμων (π.χ. θρησκευτικές, φυλετικές κ.ά.)
-Δημόσια Πρόσωπα
-Την προσωπικότητα, τιμή, ή υπόληψη προσώπων.
-Άλλους χρήστες του site
- Εγγρ.
- 7 Σεπ 2005
- Μηνύματα
- 21.236
- Κριτικές
- 492
- Like
- 38.334
- Πόντοι
- 42.697
Φοβερά τεκμηριωμένη και επιστημονική απάντηση!
pathos gia ta temachia
Τιμημένος
- Εγγρ.
- 16 Φεβ 2009
- Μηνύματα
- 11.388
- Κριτικές
- 132
- Like
- 149
- Πόντοι
- 2.266
lex80
Τιμημένος
- Εγγρ.
- 10 Μαρ 2008
- Μηνύματα
- 2.354
- Κριτικές
- 53
- Like
- 3
- Πόντοι
- 2.310
καλησπερα παιδια.
συμφωνα με το συνεδριο hacker που εγινε προσφατα, στο οποιο διαφοροι προσπαθησαν να παραβιασουν τους κανονες ασφαλειας των browser, ο μονος που εμεινε τελειως αλωβητος ηταν ο chrome της google.
ο safari χρειαστηκε μολις 10 δευτερολεπτα να παραβιαστει με τους mozilla firefox και internet explorer να ακολουθουν
συμφωνα με το συνεδριο hacker που εγινε προσφατα, στο οποιο διαφοροι προσπαθησαν να παραβιασουν τους κανονες ασφαλειας των browser, ο μονος που εμεινε τελειως αλωβητος ηταν ο chrome της google.
ο safari χρειαστηκε μολις 10 δευτερολεπτα να παραβιαστει με τους mozilla firefox και internet explorer να ακολουθουν
υπαρχει καποιο link?καλησπερα παιδια.
συμφωνα με το συνεδριο hacker που εγινε προσφατα, στο οποιο διαφοροι προσπαθησαν να παραβιασουν τους κανονες ασφαλειας των browser, ο μονος που εμεινε τελειως αλωβητος ηταν ο chrome της google.
ο safari χρειαστηκε μολις 10 δευτερολεπτα να παραβιαστει με τους mozilla firefox και internet explorer να ακολουθουν
Η ασφάλεια ΔΕΝ είναι μόνον θέμα του εκάστοτε browser αλλά ένα σωρό ρυθμίσεων... δείτε κι εδώ
lex80
Τιμημένος
- Εγγρ.
- 10 Μαρ 2008
- Μηνύματα
- 2.354
- Κριτικές
- 53
- Like
- 3
- Πόντοι
- 2.310
παραλειψης μου.
οριστε
[URL unfurl="true"]http://features.csmonitor.com/innovation/2009/03/24/browser-security-pwn2own-topples-all-but-chrome/[/url]
[URL unfurl="true"]http://arstechnica.com/security/news/2009/03/chrome-is-the-only-browser-left-standing-in-pwn2own-contest.ars[/url]
δυστηχως στα αγγλικα
και κατι ακομα. ο chrome απο προσοπικη μου εμπειρια ειναι πιο γρηγορος απο firefox ιδιος σε σελιδες με flash περιεχομενο αλλα ο safari αν θυμαμαι καλα τους εξαφανισε ολους οντας ο πιο γρηγορος. αλλα τι να το κανεις? χωρις ασφαλεια δεν πας.
οντως οι ρυθμισεις παιζουν ρολο αλλα και στο συνεδριο ειχαν ρυθμισεις ασφαλειας ;)
καλο but not so user-friendly,
seems like kiddy stuff to me
το "ζουμι" του θεματος, απο τα λογια καποιου hackerπαραλειψης μου.
οριστε
[URL unfurl="true"]http://features.csmonitor.com/innovation/2009/03/24/browser-security-pwn2own-topples-all-but-chrome/[/url]
[URL unfurl="true"]http://arstechnica.com/security/news/2009/03/chrome-is-the-only-browser-left-standing-in-pwn2own-contest.ars[/url]
δυστηχως στα αγγλικα
και κατι ακομα. ο chrome απο προσοπικη μου εμπειρια ειναι πιο γρηγορος απο firefox ιδιος σε σελιδες με flash περιεχομενο αλλα ο safari αν θυμαμαι καλα τους εξαφανισε ολους οντας ο πιο γρηγορος. αλλα τι να το κανεις? χωρις ασφαλεια δεν πας.
οντως οι ρυθμισεις παιζουν ρολο αλλα και στο συνεδριο ειχαν ρυθμισεις ασφαλειας ;)
There are bugs in Chrome, but they’re very hard to exploit. I have a Chrome vulnerability right now but I don’t know how to exploit it. It’s really hard. They’ve got that sandbox model that’s hard to get out of. With Chrome, it’s a combination of things — you can’t execute on the heap, the OS protections in Windows and the Sandbox.
VANCOUVER, BC — At the CanSecWest security conference here, I got a chance to sit down with Charlie Miller, the researcher who broke into a fully patched MacBook machine using a Safari code execution vulnerability.
We discuss the state of Web browser security, the vulnerability marketplace and the need for anti-exploit mitigations on modern operating systems.
Ryan Naraine: So, what can you tell us about the vulnerability?
Charlie Miller: Not much. As part of the contest rules, I’m under NDA about the technical details. I can tell you the computer (MacBook Air) was fully patched. It was an exploit against Safari 4 and it also works on Safari 3. I actually found this bug before last year’s Pwn2Own but, at the time, it was harder to exploit. I came to CanSecWest last year with two bugs but only one exploit. Last year, you could only win once so I saved the second bug. Turns out, it was still there this year so I wrote another exploit and used it this year.
Does it work on Safari for Windows?
I don’t know. I didn’t look.
Did you consider reporting the vulnerability to Apple?
I never give up free bugs. I have a new campaign. It’s called NO MORE FREE BUGS. Vulnerabilities have a market value so it makes no sense to work hard to find a bug, write an exploit and then give it away. Apple pays people to do the same job so we know there’s value to this work. No more free bugs.
What’s the ballpark value of that Safari bug?
It was probably more than that $5,000 prize I won. It’s much less than the IE 8 vulnerability (exploited separately by Nils) by about a factor of ten. I could get more than $5,000 for it but I like the idea of coming here and showcasing what I can do and get some headlines for the company I work for (Independent Security Evaluators).
Why Safari? Why didn’t you go after IE or Safari?
It’s really simple. Safari on the Mac is easier to exploit. The things that Windows do to make it harder (for an exploit to work), Macs don’t do. Hacking into Macs is so much easier. You don’t have to jump through hoops and deal with all the anti-exploit mitigations you’d find in Windows.
It’s more about the operating system than the (target) program. Firefox on Mac is pretty easy too. The underlying OS doesn’t have anti-exploit stuff built into it.
[ SEE: 10 questions for MacBook hacker Dino Dai Zovi ]
With my Safari exploit, I put the code into a process and I know exactly where it’s going to be. There’s no randomization. I know when I jump there, the code is there and I can execute it there. On Windows, the code might show up but I don’t know where it is. Even if I get to the code, it’s not executable. Those are two hurdles that Macs don’t have.
It’s clear that all three browsers (Safari, IE and Firefox) have bugs. Code execution holes everywhere. But that’s only half the equation. The other half is exploiting it. There’s almost no hurdle to jump through on Mac OS X.
What’s harder? Finding the bug or writing the exploit?
It’s changing. In the past, it was always hard to find bugs but once you found something, it was easier to write a reliable exploit. Now the (software companies) have gotten smart and they make it much harder to exploit. It’s hard to find a good bug these days and even harder to exploit and deal with all the mitigations. That’s why Dino (Dai Zovi) and I are a good team. He specializes in exploits and I can concentrate on finding good bugs.
On a scale of 1-10, how impressive was the Nils’ sweep of exploiting all three main browsers?
I was surprised. For IE 8, I’d give him a 9 out of 10. For Safari, maybe a 2. It’s just too easy to pop Safari. For Firefox on Windows, I give him a 10. That was the most impressive of the three. It’s really hard to exploit Firefox on Windows.
Really? What’s the difference between what you can do on IE but can’t do on Firefox?
The technique he used works against IE but not Firefox. It allows you to place code in a specific spot in memory. Mark Dowd and Alex Sotirov talked about this at last year’s Black Hat. You can use a technique to make .net not opt into the mitigations and jump over hurdled easily. With Firefox, you can’t do that.
For all the browsers on operating systems, the hardest target is Firefox on Windows. With Firefox on Mac OS X, you can do whatever you want. There’s nothing in the Mac operating system that will stop you.
You talked earlier about the value of vulnerabilities. Was it a surprise that he (Nils) basically gave up three “high-value” bugs for $5,000 each?
It’s clear he’s incredibly talented. I was shocked when I saw someone sign up to go after IE 8. You can get paid a lot more than $5,000 for one of those bugs. I’ve talked to a lot of smart, knowledgeable people and no one knows exactly how he did it. He could easily get $50,000 for that vulnerability. I’d say $50,000 is a low-end price point.
For the amount of time he spent to do what he did on IE and Firefox, he could have found and exploited five or 10 Safari bugs. With the way they’re paying $5,000 for every verifiable bug, he could have spent that same time and resources and make $25,000 or $30,000 easily just by going after Safari on Mac.
Google Chrome was the one target left standing. Surprised?
There are bugs in Chrome but they’re very hard to exploit. I have a Chrome vulnerability right now but I don’t know how to exploit it. It’s really hard. The’ve got that sandbox model that’s hard to get out of. With Chrome, it’s a combination of things — you can’t execute on the heap, the OS protections in Windows and the Sandbox.
[ SEE: Pwn2Own hacker: Apple Safari is 'easy pickings' ]
I might have this bug and I might be able to get code execution. But now you’r ein a sandbox and you have no permissions to do anything. You need another bug to get out of the sandbox. Now you need two bugs and two exploits. That raises the bar.
Coming in, when I posted my predictions, I didn’t think anyone would get go after Chrome, IE or Firefox. It’s all economics. It’s only hard or easy compared to what someone would pay. If Pwn2Own offered $1 million per bug for Chrome, there would be a line of people here looking to bankrupt them.
Are browsers generally getting better at securing Web surfers?
Browsers are so complex, it’s almost impossible to get everything right. With all that code and dependencies, it’s hard to be perfect. People said five years ago that buffer overflows would be solved by now. Well, they’re not. Bugs will always be there so it’s a smart move to work on mitigations and (anti-exploit) roadblocks.
Browsers do a better job of providing visual warnings of phishing and malware sites or poor SSL. It’s not enough but it’s better than nothing. I think what you see with Chrome and sandboxing, that’s where everyone needs to go. It’ll take a few years but that will have to be the standard.
We discuss the state of Web browser security, the vulnerability marketplace and the need for anti-exploit mitigations on modern operating systems.
Ryan Naraine: So, what can you tell us about the vulnerability?
Charlie Miller: Not much. As part of the contest rules, I’m under NDA about the technical details. I can tell you the computer (MacBook Air) was fully patched. It was an exploit against Safari 4 and it also works on Safari 3. I actually found this bug before last year’s Pwn2Own but, at the time, it was harder to exploit. I came to CanSecWest last year with two bugs but only one exploit. Last year, you could only win once so I saved the second bug. Turns out, it was still there this year so I wrote another exploit and used it this year.
Does it work on Safari for Windows?
I don’t know. I didn’t look.
Did you consider reporting the vulnerability to Apple?
I never give up free bugs. I have a new campaign. It’s called NO MORE FREE BUGS. Vulnerabilities have a market value so it makes no sense to work hard to find a bug, write an exploit and then give it away. Apple pays people to do the same job so we know there’s value to this work. No more free bugs.
What’s the ballpark value of that Safari bug?
It was probably more than that $5,000 prize I won. It’s much less than the IE 8 vulnerability (exploited separately by Nils) by about a factor of ten. I could get more than $5,000 for it but I like the idea of coming here and showcasing what I can do and get some headlines for the company I work for (Independent Security Evaluators).
Why Safari? Why didn’t you go after IE or Safari?
It’s really simple. Safari on the Mac is easier to exploit. The things that Windows do to make it harder (for an exploit to work), Macs don’t do. Hacking into Macs is so much easier. You don’t have to jump through hoops and deal with all the anti-exploit mitigations you’d find in Windows.
It’s more about the operating system than the (target) program. Firefox on Mac is pretty easy too. The underlying OS doesn’t have anti-exploit stuff built into it.
[ SEE: 10 questions for MacBook hacker Dino Dai Zovi ]
With my Safari exploit, I put the code into a process and I know exactly where it’s going to be. There’s no randomization. I know when I jump there, the code is there and I can execute it there. On Windows, the code might show up but I don’t know where it is. Even if I get to the code, it’s not executable. Those are two hurdles that Macs don’t have.
It’s clear that all three browsers (Safari, IE and Firefox) have bugs. Code execution holes everywhere. But that’s only half the equation. The other half is exploiting it. There’s almost no hurdle to jump through on Mac OS X.
What’s harder? Finding the bug or writing the exploit?
It’s changing. In the past, it was always hard to find bugs but once you found something, it was easier to write a reliable exploit. Now the (software companies) have gotten smart and they make it much harder to exploit. It’s hard to find a good bug these days and even harder to exploit and deal with all the mitigations. That’s why Dino (Dai Zovi) and I are a good team. He specializes in exploits and I can concentrate on finding good bugs.
On a scale of 1-10, how impressive was the Nils’ sweep of exploiting all three main browsers?
I was surprised. For IE 8, I’d give him a 9 out of 10. For Safari, maybe a 2. It’s just too easy to pop Safari. For Firefox on Windows, I give him a 10. That was the most impressive of the three. It’s really hard to exploit Firefox on Windows.
Really? What’s the difference between what you can do on IE but can’t do on Firefox?
The technique he used works against IE but not Firefox. It allows you to place code in a specific spot in memory. Mark Dowd and Alex Sotirov talked about this at last year’s Black Hat. You can use a technique to make .net not opt into the mitigations and jump over hurdled easily. With Firefox, you can’t do that.
For all the browsers on operating systems, the hardest target is Firefox on Windows. With Firefox on Mac OS X, you can do whatever you want. There’s nothing in the Mac operating system that will stop you.
You talked earlier about the value of vulnerabilities. Was it a surprise that he (Nils) basically gave up three “high-value” bugs for $5,000 each?
It’s clear he’s incredibly talented. I was shocked when I saw someone sign up to go after IE 8. You can get paid a lot more than $5,000 for one of those bugs. I’ve talked to a lot of smart, knowledgeable people and no one knows exactly how he did it. He could easily get $50,000 for that vulnerability. I’d say $50,000 is a low-end price point.
For the amount of time he spent to do what he did on IE and Firefox, he could have found and exploited five or 10 Safari bugs. With the way they’re paying $5,000 for every verifiable bug, he could have spent that same time and resources and make $25,000 or $30,000 easily just by going after Safari on Mac.
Google Chrome was the one target left standing. Surprised?
There are bugs in Chrome but they’re very hard to exploit. I have a Chrome vulnerability right now but I don’t know how to exploit it. It’s really hard. The’ve got that sandbox model that’s hard to get out of. With Chrome, it’s a combination of things — you can’t execute on the heap, the OS protections in Windows and the Sandbox.
[ SEE: Pwn2Own hacker: Apple Safari is 'easy pickings' ]
I might have this bug and I might be able to get code execution. But now you’r ein a sandbox and you have no permissions to do anything. You need another bug to get out of the sandbox. Now you need two bugs and two exploits. That raises the bar.
Coming in, when I posted my predictions, I didn’t think anyone would get go after Chrome, IE or Firefox. It’s all economics. It’s only hard or easy compared to what someone would pay. If Pwn2Own offered $1 million per bug for Chrome, there would be a line of people here looking to bankrupt them.
Are browsers generally getting better at securing Web surfers?
Browsers are so complex, it’s almost impossible to get everything right. With all that code and dependencies, it’s hard to be perfect. People said five years ago that buffer overflows would be solved by now. Well, they’re not. Bugs will always be there so it’s a smart move to work on mitigations and (anti-exploit) roadblocks.
Browsers do a better job of providing visual warnings of phishing and malware sites or poor SSL. It’s not enough but it’s better than nothing. I think what you see with Chrome and sandboxing, that’s where everyone needs to go. It’ll take a few years but that will have to be the standard.
lex80
Τιμημένος
- Εγγρ.
- 10 Μαρ 2008
- Μηνύματα
- 2.354
- Κριτικές
- 53
- Like
- 3
- Πόντοι
- 2.310
μα αυτο το sandbox ειναι το προβλημα του. δεν λεω οτι δεν εχει ελλατωματα. αλλωστε σε πολλα πραγματα βρισκουμε λαθη. αν δεν μπορουμε να τα εκμεταλευτουμε ομως? στα ιδια μενουμε. σκοπος δεν ειναι να μην υπαρχει ουτε ενα ελλατωμα. και δεν γινετε κιολας αυτο. η μαγκια απο τις εταιριες ειναι να δημιουργησουν δυκλιδες ασφαλειας ετσι ωστε τα ελλατωματα να μην ειναι εκμεταλευσημα...
αν θυμαμαι καλα ο ιδιος hacker ειπε επισης πως καλο ειναι να συνδιαζεις chrome και internet explorer 7 για μεγιστη ασφαλεια. κριμα που δεν εγινε το τεστ με τον IE 8
Παρόμοια θέματα
