I'm curious about some of Miller's statements to zdnet afterward (http://blogs.zdnet.com/security/?p=2941
, linked at the bottom of the tippingpoint entry), e.g.
It’s really simple. Safari on the Mac is easier to exploit. The
things that Windows do to make it harder (for an exploit to work),
Macs don’t do. Hacking into Macs is so much easier. You don’t have
to jump through hoops and deal with all the anti-exploit mitigations
you’d find in Windows.
It’s more about the operating system than the (target) program.
Firefox on Mac is pretty easy too. The underlying OS doesn’t have
anti-exploit stuff built into it.
Do folks here know, is Miller starting as an admin user, e.g.? [I
don't want to start any bonfires; I love my Mac, and don't plan to
ditch it, but statements like these make me wonder how it's happening.]
Jennifer Hiebert
On Mar 19, 2009, at 11:44 AM, mike wrote:
CanSecWest kicked off again..
http://dvlabs.tippingpoint.com/blog/2009/03/18/pwn2own-2009-day-1---safari-internet-explorer-and-firefox-taken-down-by-four-zero-day-exploits
\
Safari, IE 8 and firefox all taken down easily by the same guy who
took
Apple down last year. So far chrome is the only left standing,
although
that seems to be more from lack of trying then anything. They are
supposed
to take cracks at the mobile market next, that should be more
interesting.
Mike
*************************************************************************
** List info, subscription management, list rules, archives,
privacy **
** policy, calmness, a member map, and more at http://
www.cguys.org/ **
*************************************************************************
*************************************************************************
** List info, subscription management, list rules, archives, privacy **
** policy, calmness, a member map, and more at http://www.cguys.org/ **
*************************************************************************
