Re: [CGUYS] CanSecWest

2009-03-21 Thread Jennifer Hiebert
 It happens the same as it happens in every OS, errors in code. Exploits
 written to take advantage of the errors. Your question about Miller
 starting as admin...he is on another machine and by remote over the
 network takes over the mac via a Safari exploit.

Oh, right. Of course. Sorry to be slow, there.

 So the question is, after he has remotely taken over the mac, does he
 have admin rights there? I haven't seen anything saying either way, only
 that in his words he has 'taken over the mac'.

Yes, thanks for clarifying; that's my question. I spose (I hope) he has
hold of no more than the current user--

 On Fri, Mar 20, 2009 at 4:01 PM, Jennifer Hiebert jenn.hieb...@gmail.com
 wrote:

  I'm curious about some of Miller's statements to zdnet afterward (
  http://blogs.zdnet.com/security/?p=2941, linked at the bottom of the
  tippingpoint entry), e.g.

   It’s really simple. Safari on the Mac is easier to exploit. The things
   that Windows do to make it harder (for an exploit to work), Macs don’t
   do. Hacking into Macs is so much easier. You don’t have to jump through
   hoops and deal with all the anti-exploit mitigations you’d find in
   Windows.

   It’s more about the operating system than the (target) program. Firefox
   on Mac is pretty easy too. The underlying OS doesn’t have anti-exploit
   stuff built into it.

  Do folks here know, is Miller starting as an admin user, e.g.? [I don't
  want to start any bonfires; I love my Mac, and don't plan to ditch it,
  but statements like these make me wonder how it's happening.]

  Jennifer Hiebert

  On Mar 19, 2009, at 11:44 AM, mike wrote:

   CanSecWest kicked off again..

   http://dvlabs.tippingpoint.com/blog/2009/03/18/pwn2own-2009-day-1---safari-internet-explorer-and-firefox-taken-down-by-four-zero-day-exploits

   Safari, IE 8 and firefox all taken down easily by the same guy who took
   Apple down last year. So far chrome is the only left standing, although
   that seems to be more from lack of trying than anything. They are
   supposed to take cracks at the mobile market next, that should be more
   interesting.

   Mike


*
**  List info, subscription management, list rules, archives, privacy  **
**  policy, calmness, a member map, and more at http://www.cguys.org/  **
*






Re: [CGUYS] CanSecWest

2009-03-21 Thread Chris Dunford
 It happens the same as it happens in every OS, errors 
 in code. Exploits written to take advantage of the errors

That's true, but still the quote was pretty interesting. It didn't get much
of a response here, so I wonder if it got sort of buried in the larger
excerpt:

The things that Windows do to make it harder [for an exploit to work], Macs
don't do. Hacking into Macs is so much easier. You don't have to jump
through hoops and deal with all the anti-exploit mitigations you'd find in
Windows.

Doesn't exactly comport with the conventional wisdom, but it's hard to argue
with someone who seems to do this more or less as a living.




Re: [CGUYS] CanSecWest

2009-03-21 Thread Roger D. Parish

At 9:31 AM -0400 3/21/09, Chris Dunford wrote:

  It happens the same as it happens in every OS, errors
  in code. Exploits written to take advantage of the errors

 That's true, but still the quote was pretty interesting. It didn't get much
 of a response here, so I wonder if it got sort of buried in the larger
 excerpt:

 The things that Windows do to make it harder [for an exploit to work], Macs
 don't do. Hacking into Macs is so much easier. You don't have to jump
 through hoops and deal with all the anti-exploit mitigations you'd find in
 Windows.

 Doesn't exactly comport with the conventional wisdom, but it's hard to argue
 with someone who seems to do this more or less as a living.


One of the things he is referring to is Address 
Space Layout Randomization (ASLR), which is 
supposed to mitigate against buffer overflow 
attacks.


Here is what Symantec has to say about ASLR in Vista:

Abstract: Address space layout randomization 
(ASLR) is a prophylactic security technology 
aimed at reducing the effectiveness of exploit 
attempts. With the advent of the Microsoft® 
Windows Vista operating system, ASLR has been 
integrated into the default configuration of the 
Windows® operating system for the first time. We 
measure the behavior of the ASLR implementation 
in the Windows Vista RTM release. Our analysis 
of the results uncovers predictability in the 
implementation that reduces its effectiveness


http://www.symantec.com/avcenter/reference/Address_Space_Layout_Randomization.pdf

In Wikipedia there is this note about Mac OS X:

Apple introduced randomization of some library 
offsets in Mac OS X v10.5[7], presumably as a 
stepping stone to fully implementing ASLR at a 
later date. Their implementation does not 
provide complete protection against attacks 
which ASLR is designed to defeat


http://en.wikipedia.org/wiki/Address_space_layout_randomization

A problem here is the NDA (Non-Disclosure 
Agreement) the crackers have to agree to; we 
won't know the details about the exploit until 
long after the hoo-raw has died down. So we don't 
really know if the crack is significant or not. 
Or if the person quoted above is being overly 
dramatic in his estimation of the ease of 
cracking Mac OS X.

--
Roger
Lovettsville, VA
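As an added illustration of the library-offset randomization that Roger's two quotes describe (this script is not from his post, the Symantec paper or the Wikipedia article), the Python below launches fresh interpreters, records where libc's malloc is mapped in each, and reports how many address bits actually vary between launches. It assumes Linux or macOS, where ctypes.CDLL(None) resolves symbols from the already-loaded C library.

```python
"""Measure whether a libc symbol lands at a different address on every launch.

Added example for the ASLR discussion; not code from the list, Symantec or
Wikipedia. Assumes Linux or macOS (CDLL(None) resolves symbols from the C
library already mapped into the process).
"""
import subprocess
import sys

# One-line probe run in a fresh interpreter: print the address of libc's malloc.
PROBE = ("import ctypes; "
         "print(ctypes.cast(ctypes.CDLL(None).malloc, ctypes.c_void_p).value)")


def sample_malloc_addresses(runs=12):
    """Launch `runs` fresh processes and collect where malloc lives in each."""
    addrs = []
    for _ in range(runs):
        out = subprocess.run([sys.executable, "-c", PROBE],
                             capture_output=True, text=True, check=True).stdout
        addrs.append(int(out.strip()))
    return addrs


def varying_bits(addrs):
    """Bit positions that differ between at least two samples.

    With randomization off every launch maps libc at the same address and the
    set is empty; the more bits vary, the more guesses an attacker would need,
    which is the whole point of the mitigation.
    """
    if not addrs:
        return set()
    diff = 0
    for a in addrs[1:]:
        diff |= a ^ addrs[0]
    return {i for i in range(diff.bit_length()) if (diff >> i) & 1}


def summarize(addrs):
    """Compact report: sample count, distinct addresses, bits observed to vary."""
    bits = varying_bits(addrs)
    return {
        "samples": len(addrs),
        "distinct": len(set(addrs)),
        "varying_bits": len(bits),
        "lowest_bit": min(bits) if bits else None,
        "highest_bit": max(bits) if bits else None,
        "randomized": len(bits) > 0,
    }


if __name__ == "__main__":
    report = summarize(sample_malloc_addresses())
    for key, value in report.items():
        print(f"{key:14} {value}")
```

A report with distinct 1 means the loader placed libc at the same address on every launch, which is what the Wikipedia note describes for the libraries Leopard did not randomize; bits below page granularity never vary because mappings are page-aligned, so only the count above that line says anything about the entropy an attacker faces.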




Re: [CGUYS] CanSecWest

2009-03-21 Thread Chris Dunford
 So we don't really know if the crack is significant
 or not. Or if the person quoted above is being overly
 dramatic in his estimation of the ease of cracking 
 Mac OS X.

Roger, I don't disagree with anything you said, except for that last
sentence: since hacking appears to be the guy's raison d'etre, and since he
has hacked both Windows and Mac systems, I don't think we can really call it
estimation. I wouldn't quibble if that were rephrased as, "Or if the
person quoted above is being overly dramatic about how easy it is to crack
OS X."

It's just the word "estimation," really.




Re: [CGUYS] CanSecWest

2009-03-20 Thread Jennifer Hiebert
I'm curious about some of Miller's statements to zdnet afterward
(http://blogs.zdnet.com/security/?p=2941, linked at the bottom of the
tippingpoint entry), e.g.


It’s really simple. Safari on the Mac is easier to exploit.  The  
things that Windows do to make it harder (for an exploit to work),  
Macs don’t do.  Hacking into Macs is so much easier. You don’t have  
to jump through hoops and deal with all the anti-exploit mitigations  
you’d find in Windows.


It’s more about the operating system than the (target) program.   
Firefox on Mac is pretty easy too.  The underlying OS doesn’t have  
anti-exploit stuff built into it.


Do folks here know, is Miller starting as an admin user, e.g.? [I  
don't want to start any bonfires; I love my Mac, and don't plan to  
ditch it, but statements like these make me wonder how it's happening.]


Jennifer Hiebert

On Mar 19, 2009, at 11:44 AM, mike wrote:


 CanSecWest kicked off again..

 http://dvlabs.tippingpoint.com/blog/2009/03/18/pwn2own-2009-day-1---safari-internet-explorer-and-firefox-taken-down-by-four-zero-day-exploits

 Safari, IE 8 and firefox all taken down easily by the same guy who took
 Apple down last year.  So far chrome is the only left standing, although
 that seems to be more from lack of trying than anything.  They are
 supposed to take cracks at the mobile market next, that should be more
 interesting.

 Mike




Re: [CGUYS] CanSecWest

2009-03-20 Thread mike
It happens the same as it happens in every OS, errors in code.  Exploits
written to take advantage of the errors.  Your question about Miller
starting as admin...he is on another machine and by remote over the network
takes over the mac via a Safari exploit.  So the question is, after he has
remotely taken over the mac, does he have admin rights there?  I haven't
seen anything saying either way, only that in his words he has 'taken over
the mac'.

On Fri, Mar 20, 2009 at 4:01 PM, Jennifer Hiebert jenn.hieb...@gmail.com wrote:

 I'm curious about some of Miller's statements to zdnet afterward (
 http://blogs.zdnet.com/security/?p=2941, linked at the bottom of the
 tippingpoint entry), e.g.

  It’s really simple. Safari on the Mac is easier to exploit.  The things
 that Windows do to make it harder (for an exploit to work), Macs don’t do.
  Hacking into Macs is so much easier. You don’t have to jump through hoops
 and deal with all the anti-exploit mitigations you’d find in Windows.

 It’s more about the operating system than the (target) program.  Firefox
 on Mac is pretty easy too.  The underlying OS doesn’t have anti-exploit
 stuff built into it.


 Do folks here know, is Miller starting as an admin user, e.g.? [I don't
 want to start any bonfires; I love my Mac, and don't plan to ditch it, but
 statements like these make me wonder how it's happening.]

 Jennifer Hiebert

 On Mar 19, 2009, at 11:44 AM, mike wrote:

  CanSecWest kicked off again..

  http://dvlabs.tippingpoint.com/blog/2009/03/18/pwn2own-2009-day-1---safari-internet-explorer-and-firefox-taken-down-by-four-zero-day-exploits

  Safari, IE 8 and firefox all taken down easily by the same guy who took
  Apple down last year.  So far chrome is the only left standing, although
  that seems to be more from lack of trying than anything.  They are
  supposed to take cracks at the mobile market next, that should be more
  interesting.

  Mike




[CGUYS] CanSecWest

2009-03-19 Thread mike
CanSecWest kicked off again..

http://dvlabs.tippingpoint.com/blog/2009/03/18/pwn2own-2009-day-1---safari-internet-explorer-and-firefox-taken-down-by-four-zero-day-exploits

Safari, IE 8 and firefox all taken down easily by the same guy who took
Apple down last year.  So far chrome is the only left standing, although
that seems to be more from lack of trying than anything.  They are supposed
to take cracks at the mobile market next, that should be more interesting.

Mike




Re: [CGUYS] CanSecWest

2009-03-19 Thread Chris Dunford
I noticed this quote in your link:

"Before I could even pull my camera out, it was over within 2 minutes, and
Charlie (coincidentally also last year's first winner of the day) is now the
proud owner of yet another MacBook, and $5,000 from the Zero Day
Initiative."

Actually, it didn't take nearly that long. According to ComputerWorld:
"Charlie Miller, a security researcher who hacked a Macintosh in two minutes
last year at CanSecWest's PWN2OWN contest, improved his time today by
breaking into another Macintosh in under 10 seconds. After that, Miller
said, 'I did a few things to show that I had full control of the Mac.'"

(I await my education as to why none of this matters, which I assume will be
forthcoming shortly.)

 Safari, IE 8 and firefox all taken down easily by the same
 guy who took Apple down last year.  So far chrome is the
 only left standing, although that seems to be more from
 lack of trying than anything.  They are supposed to take
 cracks at the mobile market next, that should be more
 interesting.




Re: [CGUYS] CanSecWest

2009-03-19 Thread Richard P.
You really do know this list (grin!)

Richard P.



 (I await my education as to why none of this matters, which I assume will be
 forthcoming shortly.)




Re: [CGUYS] CanSecWest

2009-03-19 Thread Matthew Taylor
I wonder why they don't have Opera as a target?  Too hard or too  
unimportant?


Matthew

On Mar 19, 2009, at 11:44 AM, mike wrote:


 CanSecWest kicked off again..

 http://dvlabs.tippingpoint.com/blog/2009/03/18/pwn2own-2009-day-1---safari-internet-explorer-and-firefox-taken-down-by-four-zero-day-exploits

 Safari, IE 8 and firefox all taken down easily by the same guy who took
 Apple down last year.  So far chrome is the only left standing, although
 that seems to be more from lack of trying than anything.  They are
 supposed to take cracks at the mobile market next, that should be more
 interesting.

 Mike




Re: [CGUYS] CanSecWest

2009-03-19 Thread Tom Piwowar
 Actually, it didn't take nearly that long. According to ComputerWorld:
 Charlie Miller, a security researcher who hacked a Macintosh in two minutes
 last year at CanSecWest's PWN2OWN contest, improved his time today by
 breaking into another Macintosh in under 10 seconds. After that, Miller
 said, I did a few things to show that I had full control of the Mac.

I expect that under 10 seconds means he arrived with pre-written code 
that he executed on the computers. How long did it take him to develop 
that code?




Re: [CGUYS] CanSecWest

2009-03-19 Thread mike
Less than 365 days it seems...since he did the same thing last year.

That said, developing the code for these guys is easy; it's finding the
exploit.  Apparently there are enough exploits in safari/IE/firefox that
multiple people can take multiple shots at multiple exploits they have found
studying the code.

On Thu, Mar 19, 2009 at 3:29 PM, Tom Piwowar t...@tjpa.com wrote:

 Actually, it didn't take nearly that long. According to ComputerWorld:
 Charlie Miller, a security researcher who hacked a Macintosh in two minutes
 last year at CanSecWest's PWN2OWN contest, improved his time today by
 breaking into another Macintosh in under 10 seconds. After that, Miller
 said, I did a few things to show that I had full control of the Mac.

 I expect that under 10 seconds means he arrived with pre-written code
 that he executed on the computers. How long did it take him to develop
 that code?




Re: [CGUYS] CanSecWest

2009-03-19 Thread Tom Piwowar
 Less than 365 days it seems...since he did the same thing last year.

Apple Patches CanSecWest Safari Bug
http://www.beskerming.com/commentary/2008/04/19/354/Apple_Patches_CanSecWest_Safari_Bug

Looks like the fixing takes less time than the cracking.

Have the other browsers been patched too?




[CGUYS] CanSecWest Mac Hacking Contest

2007-04-25 Thread John DeCarlo

This URL from ComputerWorld (including the comments) provides additional
information.

I also read another article I have lost the reference to, that I thought was
amusing.  After no one was able to win the original contest, they changed
the rules. <g>

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9017598&source=NLT_AM&nlid=1

--
John DeCarlo, My Views Are My Own



* == QUICK LIST-COMMAND REFERENCE - Put the following commands in  ==
* == the body of an email & send 'em to: [EMAIL PROTECTED] ==
* Join the list: SUBSCRIBE COMPUTERGUYS-L Your Name
* Too much mail? Try Daily Digests command: SET COMPUTERGUYS-L DIGEST
* Tired of the List? Unsubscribe command: SIGNOFF COMPUTERGUYS-L
* New address? From OLD address send: CHANGE COMPUTERGUYS-L YourNewAddress
* Need more help? Send mail to: [EMAIL PROTECTED]

* List archive at www.mail-archive.com/computerguys-l@listserv.aol.com/
* RSS at www.mail-archive.com/computerguys-l@listserv.aol.com/maillist.xml
* Messages bearing the header X-No-Archive: yes will not be archived



Re: [CGUYS] CanSecWest Mac Hacking Contest

2007-04-25 Thread mike

From what I gather the only rule change was that the user had to surf to a
website...show me a compromised pc that isn't on the net.

Was their some other change?

Mike

On 4/25/07, John DeCarlo [EMAIL PROTECTED] wrote:


 This URL from ComputerWorld (including the comments) provides additional
 information.

 I also read another article I have lost the reference to, that I thought
 was amusing.  After no one was able to win the original contest, they
 changed the rules. <g>

 http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9017598&source=NLT_AM&nlid=1

 --
 John DeCarlo, My Views Are My Own






Re: [CGUYS] CanSecWest Mac Hacking Contest

2007-04-25 Thread mike

Well the point was that ANY mac surfing to say the superbowl site would have
been compromised, that was a big deal on windows machines, so I assume it
would be a big deal on macs.  This contest just proved someone could write a
simple exploit for a mac in just a few hours the same as on a windows
machine.  Not sure why it changes the challenge much at all...most pc's are
compromised the exact same way.

Mike

On 4/25/07, John DeCarlo [EMAIL PROTECTED] wrote:


 Well, the Mac was always on the net throughout.  Somehow, surfing to a
 dangerous web site changes the challenge a fair amount in my view.  Whether
 you consider it a big or small change, it is still a change.  Which leads
 one to surmise that they would have kept allowing more and more - like
 making the user download dangerous software - who doesn't do that?

 On 4/25/07, mike [EMAIL PROTECTED] wrote:

  From what I gather the only rule change was that the user had to surf to
  a website...show me a compromised pc that isn't on the net.

  Was their some other change?

 there

 --
 John DeCarlo, My Views Are My Own


