Re: Highly-critical flaws found in Safari for Windows in Security

Re: Highly-critical flaws found in Safari for Windows in Security http://www.dslreports.com/forum/r20240107 en Thu, 21 Aug 2008 00:03:50 EDT Thu, 21 Aug 2008 00:03:50 EDT Re: Highly-critical flaws found in Safari for Windows http://www.dslreports.com/forum/remark,20256181 daveinpoway : Basically, you are correct.]]> http://www.dslreports.com/forum/remark,20256181 Mon, 31 Mar 2008 06:03:03 EDT Re: Highly-critical flaws found in Safari for Windows http://www.dslreports.com/forum/remark,20253930 RadioDoc :

said by daveinpoway

:

If you read carefully, he said that he chose OS X because he thought it would have been easier, but he (and probably other hackers) could have come up with something for Windows or Linux, also. Meaning here: if the contest hadn't been stopped once the Mac was taken over, one (or both) of the other computers would also likely have fallen. You said "The same thing did not happen to Vista or Linux", but the only thing that truly did not happen to the other 2 systems is that they were not the first to be hacked. This doesn't even begin to indicate that they are free of security problems.

Contest wasn't stopped. The Vista box didn't "fall" until the rules were relaxed and the prize reduced. Are you seriously suggesting that they did not go after the other two and just concentrated on the Mac?

The same thing didn't happen to the Vista or Linux box. The rules were relaxed. The Mac installation was compromised under tighter restrictions. No amount of apologistic, diversionary orating from the Mac camp can change it.
--
Toolmaster of La Grange.]]> http://www.dslreports.com/forum/remark,20253930 Sun, 30 Mar 2008 17:54:31 EDT Re: Highly-critical flaws found in Safari for Windows http://www.dslreports.com/forum/remark,20248031 daveinpoway : Update: I finally found a link to the article about an upcoming (supposedly) secure browser: »Is this the secure browser we've been waiting for?]]> http://www.dslreports.com/forum/remark,20248031 Sat, 29 Mar 2008 14:58:38 EDT Re: Highly-critical flaws found in Safari for Windows http://www.dslreports.com/forum/remark,20246921 Steve :

said by SUMware

:

Mac & Vista were hacked.

I guess the moral of this story is that if I can convince you to install an Adobe product, I can own your whole OS?]]> http://www.dslreports.com/forum/remark,20246921 Sat, 29 Mar 2008 11:05:11 EDT Re: Highly-critical flaws found in Safari for Windows http://www.dslreports.com/forum/remark,20246624 daveinpoway : It would seem to be a smart move for Mac users to change to a different browser until this Safari bug is patched by Apple. Once the iPhone (which uses Safari) was released last year, I was concerned that Safari would be getting too much hacker attention, so I changed the default browser on my Mac to Camino; this may not be much more secure than Safari, but it only has around a 1% browser market share, so I suspect that less folks would bother hacking it.

Also, anyone know what browser was on the Linux laptop which escaped unowned? I'll guess Firefox, but I don't know for sure. ]]> http://www.dslreports.com/forum/remark,20246624 Sat, 29 Mar 2008 09:56:26 EDT Re: Highly-critical flaws found in Safari for Windows http://www.dslreports.com/forum/remark,20246454 daveinpoway : You're right; I just read about that.]]> http://www.dslreports.com/forum/remark,20246454 Sat, 29 Mar 2008 08:51:31 EDT Re: Highly-critical flaws found in Safari for Windows http://www.dslreports.com/forum/remark,20246452 SUMware :

said by daveinpoway

:

if the contest hadn't been stopped once the Mac was taken over, one (or both) of the other computers would also likely have fallen.

Mac & Vista were hacked. Linux was not.
»Vista Hacked]]> http://www.dslreports.com/forum/remark,20246452 Sat, 29 Mar 2008 08:50:39 EDT Re: Highly-critical flaws found in Safari for Windows http://www.dslreports.com/forum/remark,20246203 daveinpoway : The reason I mentioned "100% security" is that unless a browser can achieve this level, then there will be at least one flaw that a hacker can exploit. Unfortunately, advertising hype notwithstanding, there is no flaw-free software product presently out there, from Apple, Microsoft, or anyone else.

If you read carefully, he said that he chose OS X because he thought it would have been easier, but he (and probably other hackers) could have come up with something for Windows or Linux, also. Meaning here: if the contest hadn't been stopped once the Mac was taken over, one (or both) of the other computers would also likely have fallen. You said "The same thing did not happen to Vista or Linux", but the only thing that truly did not happen to the other 2 systems is that they were not the first to be hacked. This doesn't even begin to indicate that they are free of security problems.]]> http://www.dslreports.com/forum/remark,20246203 Sat, 29 Mar 2008 05:58:57 EDT Re: Highly-critical flaws found in Safari for Windows http://www.dslreports.com/forum/remark,20245393 mikenolan7 : The biggest security flaw in Apple's products is that they have convinced many of their customers that they are somehow immune from malware. That's a ridiculous assumption for anything plugged into the internet sporting a gui and full featured web browser. Apple makes a good product, but users that think they are immune are a security risk for everyone.]]> http://www.dslreports.com/forum/remark,20245393 Fri, 28 Mar 2008 23:45:33 EDT Re: Highly-critical flaws found in Safari for Windows http://www.dslreports.com/forum/remark,20242800 RadioDoc : If you didn't see it, try again. You might open your eyes.

Neither of the other platforms suffered this fate. Considering the massive amount of attention paid to browser security both at the consumer and vendor level, Apple releasing such a flawed product in 2008 is a huge deal. Maybe in 2002 this would be understandable or even acceptable, but certainly not today. This is a comparative issue. Your attempt at changing the subject to "100% security" is indicative of a flawed argument.

Firefox is a third party product. It is not bundled with any OS. Maybe when installed on a computer it opens security holes, but that it certainly not the subject of yesterday's challenge. In fact, it would be today's.

Apple ships Safari with OS X, and it is enabled by default. It is essentially part of every Mac. Apple's advertising implies that their product is "safe" and "just works". Safari is probably one of the first programs run on a new Mac. A new user, lulled into a false sense of security, could easily get themselves into trouble by merely websurfing. I don't see that in any Apple ads.

This boils down to a major fault in Safari and OS X. One which should be treated as serious and not downplayed with irrelevant comparisons to unrelated scenarios. The same thing did not happen to Vista or Linux. That's the bottom line.
--
Toolmaster of La Grange.]]> http://www.dslreports.com/forum/remark,20242800 Fri, 28 Mar 2008 16:16:10 EDT Re: Highly-critical flaws found in Safari for Windows http://www.dslreports.com/forum/remark,20242674 daveinpoway : I looked back over my comments, and I fail to see where I said (or implied) that Apple is 6 years behind anyone. Given that browser flaws are being patched all of the time (as an example, Firefox is praised by many folks in this forum, yet it just received an update this week which addressed some security problems), I fail to see how a current security issue puts Apple any number of years behind anyone else. If I'm wrong, please correct me.

Unfortunately, "at this state of the art", none of the browsers we depend on are completely secure, nor should we expect them to be (if you know of one with 100% security, please tell me, so I can start using it). Given enough time, expertise and motivation, I'm sure that hackers can find exploitable bugs in every single one of them (and, in fact, they have). I recently read that hackers are switching their attention from operating systems to other applications (such as web browsers), so the problem may well get worse.

Having said this, do I believe that Apple (and other companies) should do better? Of course I do!]]> http://www.dslreports.com/forum/remark,20242674 Fri, 28 Mar 2008 15:57:55 EDT Re: Highly-critical flaws found in Safari for Windows http://www.dslreports.com/forum/remark,20242401 RadioDoc :

said by daveinpoway

:

Before jumping all over Apple, keep in mind that pretty much all browsers (IE, Firefox, Safari, etc.) have had (and received patches for) security problems.

Well, at this state of the art, and especially in Apple's case considering their arrogant, smug advertising campaigns promoting themselves as the purveyor of "safe" and "just works" computing, they had damn well better make sure Safari is not susceptible to such things when it is the default browser supplied with the OS.

Basically what you are saying is Apple's browser and OS is about six years behind Vista and Linux.
--
Toolmaster of La Grange.]]> http://www.dslreports.com/forum/remark,20242401 Fri, 28 Mar 2008 15:18:19 EDT Re: Highly-critical flaws found in Safari for Windows http://www.dslreports.com/forum/remark,20240107 SipSizzurp :

said by Steve

:

Do all browsers come with an arrogant, hubris-filled user base?

No, just the browsers of other forum sites have that problem. :o]]> http://www.dslreports.com/forum/remark,20240107 Fri, 28 Mar 2008 08:42:34 EDT Re: Highly-critical flaws found in Safari for Windows http://www.dslreports.com/forum/remark,20239996 Steve :

said by daveinpoway

:

Before jumping all over Apple, keep in mind that pretty much all browsers (IE, Firefox, Safari, etc.) have had (and received patches for) security problems. .

Do all browsers come with an arrogant, hubris-filled user base?]]> http://www.dslreports.com/forum/remark,20239996 Fri, 28 Mar 2008 08:12:22 EDT Re: Highly-critical flaws found in Safari for Windows http://www.dslreports.com/forum/remark,20239833 daveinpoway : Before jumping all over Apple, keep in mind that pretty much all browsers (IE, Firefox, Safari, etc.) have had (and received patches for) security problems. The 100% secure browser does not exist yet (with the possible exception of something I was recently reading about, but I have been unable to locate a link to the article on the Internet, so I have been unable to post it here).]]> http://www.dslreports.com/forum/remark,20239833 Fri, 28 Mar 2008 06:51:07 EDT Re: Highly-critical flaws found in Safari for Windows http://www.dslreports.com/forum/remark,20237296 SUMware :

said by RadioDoc

:

Looks like Safari may have upset the Apple cart. An undisclosed flaw has allowed OS X to be taken over just by visiting a website.

Yep. Info here:
»Hackers to challenge Windows, Mac OS X and Linux next week]]> http://www.dslreports.com/forum/remark,20237296 Thu, 27 Mar 2008 19:24:51 EDT Re: Highly-critical flaws found in Safari for Windows http://www.dslreports.com/forum/remark,20237275 RadioDoc : Looks like Safari may have upset the Apple cart. An undisclosed flaw has allowed OS X to be taken over just by visiting a website.

Not a good day in Cupertino, methinks.
--
Toolmaster of La Grange.]]> http://www.dslreports.com/forum/remark,20237275 Thu, 27 Mar 2008 19:21:40 EDT Re: Highly-critical flaws found in Safari for Windows http://www.dslreports.com/forum/remark,20235735 Transmaster : I have been using Safari it just to see what it is like, it is OK but I am not going to blow out FireFox anytime soon. I wonder if the Apple fanatics are despondent that Apple has done this...this traitorous action :( :)
--
Send a prayer to Allah, eat Beans.]]> http://www.dslreports.com/forum/remark,20235735 Thu, 27 Mar 2008 15:24:43 EDT Re: Highly-critical flaws found in Safari for Windows http://www.dslreports.com/forum/remark,20232195 EGeezer : Well, April 1 is less than a week away :D ]]> http://www.dslreports.com/forum/remark,20232195 Wed, 26 Mar 2008 23:48:57 EDT Re: Highly-critical flaws found in Safari for Windows http://www.dslreports.com/forum/remark,20232097 bcastner : We must be facing some similar broad joke.

From, as Steve

posted above, the Apple EULA forbidding the installation of Safari on non-Apple computers, even as it pushes Safari down their throats; to the notion it is appropriate to discuss the haircuts of security experts.

Truly one for the record books, anyway, for this Forum.]]> http://www.dslreports.com/forum/remark,20232097 Wed, 26 Mar 2008 23:32:52 EDT Re: Highly-critical flaws found in Safari for Windows http://www.dslreports.com/forum/remark,20231252 Steve : This is really a moot point, because Apple's EULA say You can't install Safari for Windows on Windows anyway...

:-)
--
Stephen J. Friedl | Unix Wizard | Microsoft Security MVP | Tustin, California USA | my web site]]> http://www.dslreports.com/forum/remark,20231252 Wed, 26 Mar 2008 20:58:08 EDT Re: Highly-critical flaws found in Safari for Windows http://www.dslreports.com/forum/remark,20231191 Steve : OK, let's be fair: not everybody knows who everybody else is, and first impressions do count.

Bruce Schneier is a legendary security guy, who wrote the seminal book "Applied Cryptography" - this is the best book on the subject I've ever read. He has designed numerous crypto algorithms (Blowfish, Twofish, Yarrow) and put them all in the public domain so that crypto would be open to all.

He writes a free monthly column Crypto-Gram which is a must-read for serious security enthusiasts. It's not so much security in the how-to-clean-your-badware, but how to think about security in a bigger picture. I look forward to every 15th of the month.

Reading a few issues of Crypto-Gram will likely convince you that his is one of the better minds in security today, and you'd forgive him the "look".

Bruce Schneier is my hero.

Steve
--
Stephen J. Friedl | Unix Wizard | Microsoft Security MVP | Tustin, California USA | my web site]]> http://www.dslreports.com/forum/remark,20231191 Wed, 26 Mar 2008 20:47:55 EDT Re: Highly-critical flaws found in Safari for Windows http://www.dslreports.com/forum/remark,20227835 Cudni : not to worry, Apple will fix it in the next, seamless, update ;)
»Apple using iTunes update to auto-install Safari

Cudni
--
"Mercifully, he hit him with the soft end of the pistol."
Help yourself so God can help you.
Microsoft MVP, 2006-2007]]> http://www.dslreports.com/forum/remark,20227835 Wed, 26 Mar 2008 10:51:31 EDT Highly-critical flaws found in Safari for Windows http://www.dslreports.com/forum/remark,20227791 daveinpoway : Read the article here: »news.zdnet.co.uk/security/0,1000···5,00.htm]]> http://www.dslreports.com/forum/remark,20227791 Wed, 26 Mar 2008 10:42:14 EDT