Author Topic: Safari 3.1 For Windows Vulnerable To Hacks  (Read 14603 times)

0 Members and 1 Guest are viewing this topic.

Offline szc

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6927
Re: Safari 3.1 For Windows Vulnerable To Hacks
« Reply #30 on: April 02, 2008, 02:41:38 AM »
Quote
it is even more vulnerable on Windows than on OS X
It is equally vulnerable on any system that's using Safari 3.1
The vulnerability exists in the browser.

You don't even need Safari to compromise Windows OS, it is vulnerable and easy to compromise by its nature. Of course it is widely used so hackers are attacking it like crazy, but that's not excuse. No one can assure me that there are no hackers out there who would at least try to hack OS X just to prove something, but yet... we don't have any serious system attacks registered, and even less successful ones.
MB: GIGABYTE GA-Z77X-UD3H Intel 7 Series  - LGA1155, CPU: Intel Core i5-3570K - Quad Core, 3.40GHz (3.80GHz Max Turbo), CPU COOLER: Cooler Master Hyper 212 EVO Direct Heat Pipe R2, RAM: 16 GB Kingston HyperX Blu DDR3, VIDEO CARD: Galaxy GeForce GTX 560 Ti - 1GB, GDDR5, POWER SUPPLY: Corsair Enthusiast Series TX750 V2 - 750 Watts, HD: Seagate Barracuda - 2TB, 7200RPM, 64MB, SATA 6Gb/s

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Safari 3.1 For Windows Vulnerable To Hacks
« Reply #31 on: April 02, 2008, 03:11:59 AM »
I wish someday Windows and Mac users love each other  :-* :-*
The best things in life are free.

Offline szc

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6927
Re: Safari 3.1 For Windows Vulnerable To Hacks
« Reply #32 on: April 02, 2008, 03:18:51 AM »
But Tech, that's already happening. I have both, so I am Mac and PC user in the same time. I don't have anything against either side of me, but when one of my sides work on PC, all I get most of the time is headache. I didn't like that, so I went out and bought one of these beauties. Mac really allows me to focus on my creativity, rather than spending so much time on checking up on latest versions of security software, and installing a bunch of it of course.

You love Linux, so I am 100% sure you would be unbelievable happy using OS X.
MB: GIGABYTE GA-Z77X-UD3H Intel 7 Series  - LGA1155, CPU: Intel Core i5-3570K - Quad Core, 3.40GHz (3.80GHz Max Turbo), CPU COOLER: Cooler Master Hyper 212 EVO Direct Heat Pipe R2, RAM: 16 GB Kingston HyperX Blu DDR3, VIDEO CARD: Galaxy GeForce GTX 560 Ti - 1GB, GDDR5, POWER SUPPLY: Corsair Enthusiast Series TX750 V2 - 750 Watts, HD: Seagate Barracuda - 2TB, 7200RPM, 64MB, SATA 6Gb/s

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Safari 3.1 For Windows Vulnerable To Hacks
« Reply #33 on: April 02, 2008, 03:26:12 AM »
You love Linux, so I am 100% sure you would be unbelievable happy using OS X.
I'll use when I have a budget to give it to myself as a gift ;)
Well... I'm learning Linux, but it's not intuitive as Windows (at least for me), I was born in Windows environment.
The best things in life are free.

Offline szc

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6927
Re: Safari 3.1 For Windows Vulnerable To Hacks
« Reply #34 on: April 02, 2008, 03:37:29 AM »
Well, when talking about budget... I didn't have any when I first came here. Didn't have any friends, don't have any relatives... but I worked like a moron, all kind of jobs, regardless if it was day or night, sunny day or rainy day. After few years, I can say I can afford it now.

Windows = intuitive, Linux = perfect but not easy to use... OS X is your answer, everything that Linux has and more, and even easier to use than Windows.
MB: GIGABYTE GA-Z77X-UD3H Intel 7 Series  - LGA1155, CPU: Intel Core i5-3570K - Quad Core, 3.40GHz (3.80GHz Max Turbo), CPU COOLER: Cooler Master Hyper 212 EVO Direct Heat Pipe R2, RAM: 16 GB Kingston HyperX Blu DDR3, VIDEO CARD: Galaxy GeForce GTX 560 Ti - 1GB, GDDR5, POWER SUPPLY: Corsair Enthusiast Series TX750 V2 - 750 Watts, HD: Seagate Barracuda - 2TB, 7200RPM, 64MB, SATA 6Gb/s

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48523
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Safari 3.1 For Windows Vulnerable To Hacks
« Reply #35 on: April 02, 2008, 04:15:53 AM »
Quote
it is even more vulnerable on Windows than on OS X
It is equally vulnerable on any system that's using Safari 3.1
The vulnerability exists in the browser.

You don't even need Safari to compromise Windows OS, it is vulnerable and easy to compromise by its nature. Of course it is widely used so hackers are attacking it like crazy, but that's not excuse. No one can assure me that there are no hackers out there who would at least try to hack OS X just to prove something, but yet... we don't have any serious system attacks registered, and even less successful ones.
Sasha,
The title of this thread is "Safari 3.1 For Windows Vulnerable To Hacks"
this is all I pointed out.
All operating systems can, have been and will again be compromised.
As long as there are hackers, there will be compromises.
By nature, the most popular system will always be the most compromised.

Say hi to 2 of my favorite girls.  :)
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline szc

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6927
Re: Safari 3.1 For Windows Vulnerable To Hacks
« Reply #36 on: April 02, 2008, 01:35:28 PM »
..
...
All operating systems can, have been and will again be compromised.
As long as there are hackers, there will be compromises.
By nature, the most popular system will always be the most compromised.

Say hi to 2 of my favorite girls.  :)

Yes, that's correct... but still, some will be more compromised and some less.

They are sending HIs back to you too guys!  :)
MB: GIGABYTE GA-Z77X-UD3H Intel 7 Series  - LGA1155, CPU: Intel Core i5-3570K - Quad Core, 3.40GHz (3.80GHz Max Turbo), CPU COOLER: Cooler Master Hyper 212 EVO Direct Heat Pipe R2, RAM: 16 GB Kingston HyperX Blu DDR3, VIDEO CARD: Galaxy GeForce GTX 560 Ti - 1GB, GDDR5, POWER SUPPLY: Corsair Enthusiast Series TX750 V2 - 750 Watts, HD: Seagate Barracuda - 2TB, 7200RPM, 64MB, SATA 6Gb/s

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: Safari 3.1 For Windows Vulnerable To Hacks
« Reply #37 on: May 15, 2008, 10:51:32 PM »
Quote
Apple okay with Safari 'carpet bombing' vuln for now

Next time you get nagged to install Apple's Safari browser keep this in mind: The company's security team has dismissed research that shows a simple way for miscreants to use the browser to litter an end user's machine with malicious files.

According to researcher Nitesh Dhanjani, Safari doesn't bother to ask for user permission before downloading resources from websites. When encountering malicious iframes and other scripts, the browser obediently does what the website tells it to do, including downloading a file as many times as html scripts order.

When informed of this "carpet bombing" vulnerability (as researcher Billy (BK) Rios has dubbed it), Apple agreed that it might be good if Safari actually checked with the user before downloading potentially vicious files, but signaled that kind of addition wasn't much of a priority.

"Please note that we are not treating this as a security issue, but a further measure to raise the bar against unwanted downloads," someone from Apple's security team told Dhanjani. "We want to set your expectations that this could take quite a while, if it ever gets incorporated."

This is unfortunate because the vulnerability allows miscreants to dump hundreds of malicious files into a user's default download location (in Windows it's the desktop and in OS X it's the download folder). As Nate McFeters at the Zero Day Blog sees it, it wouldn't be hard for a rogue site to load up a desktop with dozens of booby-trapped "My Computer" icons that look like the real Windows icon and wait for a confused user to accidentally click on them.

http://www.theregister.co.uk/2008/05/15/apple_safari_carpet_bombing_vuln/
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: Safari 3.1 For Windows Vulnerable To Hacks
« Reply #38 on: May 15, 2008, 11:52:10 PM »
I would have thought that Secunia would consider this a security vulnerability as they did with the same issue with other browsers, which those browsers patched.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48523
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Safari 3.1 For Windows Vulnerable To Hacks
« Reply #39 on: May 16, 2008, 12:37:08 AM »
I would have thought that Secunia would consider this a security vulnerability as they did with the same issue with other browsers, which those browsers patched.
I guess since it's an Apple product, it's considered in a different league.  :)
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline .: Mac :.

  • Avast Überevangelist
  • Ultra Poster
  • *****
  • Posts: 5093
Re: Safari 3.1 For Windows Vulnerable To Hacks
« Reply #40 on: May 16, 2008, 03:33:32 AM »
Well one could always update the Safari engine yourself without waiting for apple. Safari uses Webkit which is Open Source  :) and most issues are patched in the open source version before they are fixed in the Official Apple Release

The webkit site has prebuilt binaries for both Mac OS X and Windows of the latest version:
http://webkit.org/

Also if you choose about Safari you can see what version of webkit apple is using, the webkit version is beside the safari version
Example: Version 3.1.1 (5525.18)

when you install webkit it launches using the Safari front end using the updated engine (you have to have Safari installed).
« Last Edit: May 16, 2008, 03:40:03 AM by .: Mac :. »
"People who are really serious about software should make their own hardware." - Alan Kay