MacBook with Safari gets hacked!

3dhouse

Power Member
He promised and delivered; it took 10 seconds (although the script had already been prepared at home).

VANCOUVER, BC — Charlie Miller has done it again. For the second consecutive year, the security researcher hacked into a fully patched MacBook computer by exploiting a security vulnerability in Apple’s Safari browser.

“It took a couple of seconds. They clicked on the link and I took control of the machine,” Miller said moments after his accomplishment.


The contest kicked off at exactly 3:15 PM and, within seconds, Miller launched his drive-by attack and claimed the $10,000 top prize. He also got to keep the MacBook machine.

Miller said he came to the CanSecWest security conference with a plan to hack into Safari and had tested the exploit carefully to ensure “it worked the first time.”

TippingPoint’s Zero Day Initiative has acquired the exclusive rights to the vulnerability and will coordinate the disclosure and patch release process with Apple.

Technical details of the vulnerability will not be released until a patch is ready.

Several hackers are currently attempting exploits against Internet Explorer 8 and Firefox but those browsers are still standing.

See the final contest rules here.

Source
 
It remains to be seen whether tomorrow he'll manage to "exploit" Chrome and take 20K home :p Not a bad sum. 2 laptops and 15 thousand dollars in a few minutes.

Of course, part of the exploit (at least the Safari one; they didn't go into much detail about the others) depends on the user clicking on some link. As we all know, 90% of problems lie between the chair and the keyboard.
 

I think the other 5 thousand were last year...
 
Fanboys aside, this news is interesting, and I think the brands should invest even more in security. I currently use only MAC OS X for everything, but I never say that this is the perfect OS, nothing of the sort; in fact I don't even know if there will ever be a perfect OS... but MAC OS X, for me, and I repeat, FOR ME, suits my needs more than WINDOWS does! ;)
 

Not minutes, months. These exploits are discovered thanks to weeks or even months of "work" and many sleepless nights. Now that these contests exist, there are hackers who prefer to keep them up their sleeve, waiting for this easy money. In the worst case they only wait 12 months. :D
 
If I were a hacker I'd also focus on the Apples, oh yes... winning a little Air like that... hehehe, although the Windows machines are normally excellent too...
 
There are no perfect systems..
To be perfect it would have to be closed.. and closed systems do not exist by definition, so there will always be a way around it..

This is quite normal; what the guy likes is to show off on the Macs so he can take them home.. he's no fool.
As someone mentioned, 'The problem is almost always between the keyboard and the chair'
 

Yeah. I've already noticed that my desk can't be trusted :D
 
If only they were all like this guy. He must study the case well, goes there and puts on a show, and a few days later we have an update fixing the problem, which basically harmed no one, serving only as negative publicity...
 
Don't get the impression that the guy sat down, typed 2 words and "I'M IN" like in a bad movie. He spent hours and hours looking for flaws. Once there, he just applied what he had prepared at home...

I won't even touch that pplware link. Without looking, I bet 70% of it is IT technicians amazed that they can assemble a computer at home and change graphics card every 6 months, bashing Apple along the lines of: oooh, but isn't Apple perfect? etc.


p q os p
 
Safari, Internet Explorer, and Firefox Taken Down by Four Zero-Day Exploits

The 3rd annual Pwn2Own contest kicked off today at CanSecWest around 3:00pm PST. For the first time, we had so many people register for the contest that we had to draw names from a hat- literally! In typical techie format, Aaron wanted to take a moment and write a quick program to randomly select order- but I stopped that nonsense, and we used a real hat.

Today, any contestant could attempt to break into a fully patched browser (IE8, Firefox, Chrome, Safari) or mobile device (Blackberry, Android, iPhone, Nokia/Symbian, Windows Mobile) with strict exploit restrictions that are eased on days two and three of the contest. As a brief refresher, the full set of rules for this contest are posted here. Our Zero Day Initiative is rewarding $5,000 USD per browser bug, and $10,000 USD per mobile bug. The first person to crack any of the mobile devices will also get to keep that device along with a one year phone contract. The first person to crack any of the browsers will get to keep the laptop it was running on.

Today's first day of Pwn2Own contest is now officially over, and we can report all mobile devices are still left standing unscathed. The browsers did not fare so well however. Between two winning contestants, they were able to compromise Safari (twice), IE8, and Firefox.

Charlie Miller got the luck of the draw, and had the first time slot for the browser competition. His target- Safari on Mac OS X. Before I could even pull my camera out, it was over within 2 minutes- and Charlie (coincidentally also last year's first winner of the day) is now the proud owner of yet another MacBook, and $5,000 from the Zero Day Initiative.

Next up, Nils. Just Nils- you know, like “Prince” or “Madonna”. With a little tweaking, he ran a sleek exploit against IE8, defying Microsoft’s latest built in protection technologies- DEP (Data Execution Prevention) as well as ASLR (Address Space Layout Randomization) to take home the Sony Vaio and $5,000 from ZDI.

If that wasn’t enough, Nils pulled a Safari exploit out of his hat (perhaps the same one used for the drawing?) and wowed us a second time- quickly taking down Apple’s browser for another cool $5,000. As a reminder, even though a browser may have been exploited once, anyone else is free to use a different zero-day exploit in order to cash in again.

We were ready to call it a day, but Nils signed up for another time slot, and took a shot at Mozilla Firefox. Lo and behold, another zero-day exploit of his was able to crack Firefox. At this point, I had to pull out my calculator, and tally up another $5,000 ($15K total for Nils today!).

Will Nils produce a Chrome exploit tomorrow, turning his trifecta into a clean sweep of all browsers? Stay tuned!

Honorable mention goes out to Julien Tinnes, who successfully exploited both Firefox and Safari though unfortunately his efforts fell outside the contest criteria and therefore could not be rewarded.

Now that our first day is wrapped, and the attack surface for the mobile devices and browsers opens up and becomes a little less restrictive, we hope to have another day full of excitement!

All winners are asked to sign and agree to the general ZDI Non Disclosure Agreement, and the bugs will be turned over directly to the affected vendors. If there are more than 5 winning entries by the end of the contest, we will offer additional “Bonus” prizes of an extra $5,000 USD that will be awarded this year for Most Interesting Browser flaw, Most Interesting Mobile Device Flaw, and Best in Show.

Check back on our blog tomorrow for Pwn2Own day 2 wrapup, or follow the event live on twitter.

Some photos of the winners below! Please credit TippingPoint DVLabs if you copy them.


First winner of the day Charlie Miller (left) breaks Safari while TippingPoint judge Aaron Portnoy officiates



Charlie Miller enjoying the sweet spoils (i.e. the MacBook) of victory.



Nils with his first successful win of the day against IE8 as Aaron proclaims him the second, third, and fourth winner of the day



Nils showing off his newly won Sony Vaio!

Julien Tinnes (left) is captioned above owning both Firefox and Apple's Safari web browser.

Both winners Charlie Miller (left) and Nils (right) receiving a round of applause from the crowd as Aaron Portnoy from TippingPoint (middle) wraps up day one of the judging.



SOURCE
 