Safari 3.1 For Windows Vulnerable To Hacks

[FreewheelinFrank]

That's probably where I noticed it. Getting old, I'm afraid. Memory going...

[Hard_ROCKER]

Ubuntu is the winner ...   

http://dvlabs.tippingpoint.com/blog/2008/03/28/pwn-to-own-final-day-and-wrap-up

[FreewheelinFrank]

Flash vulnerability on Vista. 

[bob3160]

Quote from: bob3160 on Yesterday at 04:50:20 PM
All this really proves is that there is no such thing as 100% safe anything.

It's still up to the user which computer to buy and what software to run.
Sooner or later, even the best of us will get caught by a new malware infection. Cry
Keep your guard up and your back-ups handy. Grin

I seem to remember you saying the same thing back in '06, Bob, when all those holes were appearing in IE6.

Frank,
I didn't notice any hackers going on vacation since 06  

If anything, the amount of attacks against all systems have increased since 06 making increased security
even more vital today than ever before.

[FreewheelinFrank]

Sooner or later, even the best of us will get caught by a new malware infection.

I didn't notice any hackers going on vacation since 06

I think you missed my point, which was that I'm still waiting to get caught as you promised. The increasing number of attacks just makes me further doubt the notion that 'there is no such thing as 100% safe anything,' and that browsers are much of a muchness when it comes to security.

[FreewheelinFrank]

Using a zero-day vulnerability in Adobe's ubiquitous Flash Player, hacker Shane Macaulay hacked into a Windows Vista laptop to win a $5,000 cash prize at this year's CanSecWest Pwn2Own challenge.

Macaulay, who uses the "K2" hacker moniker, also won the Fujitsu U810 laptop running Windows Vista Ultimate SP1 that he hijacked with the exploit.

According to sources at the conference, the Adobe Flash vulnerability is "cross-platform."

Details of the vulnerability and the attack vector are now the property of TippingPoint's ZDI (Zero Day Initiative), the sponsor of the CanSecWest Pwn2Own challenge. Officials from ZDI have confirmed the unpatched nature of the flaw and are coordinating the disclosure process with Adobe.

Earlier in the week, security researcher Charlie Miller hijacked Apple's MacBook Air with a drive-by exploit against the Safari browser. That exploit carried a $10,000 cash prize, plus the hacked laptop.

A Sony VAIO VGN-TZ37CN machine running Ubuntu 7.10 "Gutsy Gibbon" was the only laptop left standing after the three-day challenge.

http://securitywatch.eweek.com/exploits_and_attacks/vista_hacked_with_adobe_flash_vulnerability.html

[bob3160]

I think you missed my point, which was that I'm still waiting to get caught as you promised.

My promise was "Sooner or Later"  I never set a time frame on "Later" 

[polonus]

Hi bob3160,

Returning to the vulnerabilities at hand: http://secunia.com/advisories/29483/
Also a link there to check for unauthorized installations of Safari..

polonus

[neal62]

I downloaded Safari 3.1. to try it out. I must say that my flock browser on my machine is still faster and offers more and is smaller in footprint. 

[Marc57]

You probably wouldn't see these vulnerabilities in Safari 3.1 on a mac, It's probably the same thing as running IE7 on windows XP versus Vista. IE7 is much safer on Vista than it is on XP ( this is suppose to change in XP sp3).

[bob3160]

You probably wouldn't see these vulnerabilities in Safari 3.1 on a mac

Probably not but it's an underhanded way for Apple to again make Microsoft look bad. 

[.: Mac :.]

You probably wouldn't see these vulnerabilities in Safari 3.1 on a mac

Probably not but it's an underhanded way for Apple to again make Microsoft look bad. 

Or if the flaw does not exist on the Mac side maybe its windows that is the problem 

[Marc57]

Flash vulnerability on Vista. 

Yep, but if you read this: http://blogs.zdnet.com/security/?p=993&tag=nl.e539

It seems that the flash vulnerability could have taken down any of the three.

"The flaw is in something else, but the inherent nature of Java allowed us to get around the protections that Microsoft had in place,” he (Macaulay) said in an interview shortly after he claimed his prize Friday. “This could affect Linux or Mac OS X.”

Macaulay said he chose to work on Vista because he had done contract work for Microsoft in the past and was more familiar with its products.

Aha, so there is your story right there, this flaw could’ve worked on any of the systems; however, the contest rules state that the same exploit can only be used to compromise one machine (see rule #2 from the cansecwest.com web page which states “You can’t use the same vulnerability to claim more than one box, if it is a cross-platform issue.”), and Macaulay used Vista because it was what he was more familiar with."


Update, Sorry for posting this, I missed Franks post on the same thing.

[szc]

Same thing can be said for hacked Mac... they used Safari, and if it can be hacked on Apple, there is no reason not to be able to hack it on any Windows machine, it is even more vulnerable on Windows than on OS X. It is a software issue, not hardware issue at all.

[bob3160]

it is even more vulnerable on Windows than on OS X

It is equally vulnerable on any system that's using Safari 3.1
The vulnerability exists in the browser.