1. Este site usa cookies. Ao continuar a usar este site está a concordar com o nosso uso de cookies. Saber Mais.

Macbook com Safari é hackeado!

Discussão em 'Apple Geral' iniciada por 3dhouse, 19 de Março de 2009. (Respostas: 15; Visualizações: 1772)

  1. 3dhouse

    3dhouse Power Member

    Prometeu e cumpriu, foram 10 segundos (contudo o script já vinha feito de casa).

    Fonte
     
  2. s e 7 e n

    s e 7 e n Power Member

    Basicamente o mesmo gajo já mandou abaixo o Safari, IE 8 e o Firefox. lol
     
  3. oscarolim

    oscarolim Power Member

    Resta saber se amanha ele vai conseguir "exploitar" o Chrome e levar 20K para casa :p Nada ma a soma. 2 portateis e 15mil dolares em poucos minutos.

    Claro que parte do exploit (pelo menos do safari, nao falaram em muito detalhe dos outros), parte do utilizador em clicar num link qualquer. Ja se sabe, 90% dos problemas estao entre a cadeira e o teclado.
     
  4. arconada

    arconada Power Member

    Acho que este os outros 5 mil foram no ano passado...
     
  5. BaLLiS

    BaLLiS Power Member

    Fanboys a parte esta noticia e interessante, e acho que as marcas deveriam ainda investir mais na segurança, eu actualmente so uso MAC OS X pra tudo, mas nunca digo que isto e o OS perfeito, nada disso, alias nem se se haver alguma vez um OS perfeito... mas que o MAC OS X a mim, e volto a dizer, A MIM, me enxe as medidas mais que o WINDOWS enxe! ;)
     
  6. 3dhouse

    3dhouse Power Member

    Ninguem se pode ficar a rir, o IE8 também caiu. Parece-me que este concurso e um bocado mozilla friendly!
     
  7. Watermelon

    Watermelon Power Member

    Único aviso que vai ser feito nesta thread: deixem-se de flames e picardias.
     
  8. g4j0

    g4j0 Power Member

    claro que entre hoje e amanhã a Google faz-lhe uma chamadinha e dá-lhe 100k para não exploitar o Chrome :P
     
  9. syMMys

    syMMys Banido

    Minutos não, meses. Estes exploits são descobertos graças a semanas ou mesmo meses de "trabalho" e muitas noites em claro. Agora com a existência destes concursos há hackers que preferem guardar-los na manga à espera deste dinheiro fácil. No pior dos casos só esperam 12 meses. :D
     
  10. arconada

    arconada Power Member

    Eu se fosse hacker também me concentrava nos apple, ai não... ganhar assim um airzito... hehehe se bem que normalmente as máquinas com windows também são excelentes...
     
  11. SWEDISH

    SWEDISH Power Member

    Não há sistemas perfeitos..
    Para ser perfeito tinha de ser fechado.. e sistemas fechados não existem por definição, logo sempre vai haver maneira de dar a volta..

    isto é muito normal, o gajo gosta é de dar showoff nos macs para os levar embora.. ele não é nada burro.
    Como alguém referiu 'O problema está quase sempre entre o teclado e a cadeira'
     
  12. fadeout

    fadeout Power Member

    É. Eu já reparei que a minha secretária não é de fiar :D
     
  13. MPMachado

    MPMachado Power Member

    Antes fossem todos como este gajo. Deve estudar bem o caso, vai la dar espectáculo e passado uns dias temos temos uma actualização a revolver o problema, que basicamente não prejudicou ninguém, servindo apenas para publicidade negativa...
     
  14. Ofenza

    Ofenza Power Member

    nao fiquem com a impressão que o gajo se sentou, escreveu 2 palavras e "I'M IN" tipo filme mau. ele passou horas e horas a procura de falhas. chegado lá só aplicou o que tinha preparado em casa...

    nem toco nesse link do pplware. sem ver aposto que 70% é de tecnicos de informatica maravilhados com o conseguirem montar um computador em casa e mudar de placa grafica de 6 em 6 meses a descascarem em cima da apple tipo: uuui mas a apple nao é perfeita? etc


    p q os p
     
  15. portos

    portos Banido

    Safari, Internet Explorer, and Firefox Taken Down by Four Zero-Day Exploits

    The 3rd annual Pwn2Own contest kicked off today at CanSecWest around 3:00pm PST. For the first time, we had so many people register for the contest that we had to draw names from a hat- literally! In typical techie format, Aaron wanted to take a moment and write a quick program to randomly select order- but I stopped that nonsense, and we used a real hat.

    Today, any contestant could attempt to break into a fully patched browser (IE8, Firefox, Chrome, Safari) or mobile device (Blackberry, Android, iPhone, Nokia/Symbian, Windows Mobile) with strict exploit restrictions that are eased on days two and three of the contest. As a brief refresher, the full set of rules for this contest are posted here. Our Zero Day Initiative is rewarding $5,000 USD per browser bug, and $10,000 USD per mobile bug. The first person to crack any of the mobile devices will also get to keep that device along with a one year phone contract. The first person to crack any of the browsers will get to keep the laptop it was running on.

    Today's first day of Pwn2Own contest is now officially over, and we can report all mobile devices are still left standing unscathed. The browsers did not fare so well however. Between two winning contestants, they were able to compromise Safari (twice), IE8, and Firefox.

    Charlie Miller got the luck of the draw, and had the first time slot for the browser competition. His target- Safari on Mac OS X. Before I could even pull my camera out, it was over within 2 minutes- and Charlie (coincidentally also last year's first winner of the day) is now the proud owner of yet another MacBook, and $5,000 from the Zero Day Initiative.

    Next up, Nils. Just Nils- you know, like “Prince” or “Madonna”. With a little tweaking, he ran a sleek exploit against IE8, defying Microsoft’s latest built in protection technologies- DEP (Data Execution Prevention) as well as ASLR (Address Space Layout Randomization) to take home the Sony Vaio and $5,000 from ZDI.

    If that wasn’t enough, Nils pulled a Safari exploit out of his hat (perhaps the same one used for the drawing?) and wowed us a second time- quickly taking down Apple’s browser for another cool $5,000. As a reminder, even though a browser may have been exploited once, anyone else is free to use a different zero-day exploit in order to cash in again.

    We were ready to call it a day, but Nils signed up for another time slot, and took a shot at Mozilla Firefox. Lo and behold, another zero-day exploit of his was able to crack Firefox. At this point, I had to pull out my calculator, and tally up another $5,000 ($15K total for Nils today!).

    Will Nils produce a Chrome exploit tomorrow, turning his trifecta into a clean sweep of all browsers? Stay tuned!

    Honorable mention goes out to Julien Tinnes, who successfully exploited both Firefox and Safari though unfortunately his efforts fell outside the contest criteria and therefore could not be rewarded.

    Now that our first day is wrapped, and the attack surface for the mobile devices and browsers opens up and becomes a little less restricive, we hope to have another day full of excitement!

    All winners are asked to sign and agree to the general ZDI Non Disclosure Agreement, and the bugs will be turned over directly to the affected vendors. If there are more than 5 winning entries by the end of the contest, we will offer additional “Bonus” prizes of an extra $5,000 USD that will be awarded this year for Most Interesting Browser flaw, Most Interesting Mobile Device Flaw, and Best in Show.

    Check back on our blog tomorrow for Pwn2Own day 2 wrapup, or follow the event live on twitter.

    Some photos of the winners below! Please credit TippingPoint DVLabs if you copy them.


    [​IMG]
    First winner of the day Charlie Miller (left) breaks Safari while TippingPoint judge Aaron Portnoy officiates



    [​IMG]
    Charlie Miller enjoying the sweet spoils (i.e the Macbook) of victory.



    [​IMG]
    Nils with his first successful win of the day against IE8 as Aaron proclaims him the second, third, and fourth winner of the day



    [​IMG]
    Nils showing off his newly won Sony Vaio!

    [​IMG]
    Julien Tinnes (left) is captioned above owning both Firefox and Apple's Safari web browser.

    [​IMG]
    Both winners Charlie Miller (left) and Nils (right) receiving a round of applause from the crowd as Aaron Portnoy from TippingPoint (middle) wraps up day one of the judging.



    FONTE
     

Partilhar esta Página