[Macworld]

Post your comments for Past winner: Safari will fall first at hacker contest here

[dreyfus]

Well, I call that toilet seat journalism...
The security expert "who last year walked off with a $10,000 cash prize for breaking into an Apple laptop within minutes of the contest" could not break into the machine the entire first day and was using a known exploit on the second day (with relaxed rules and access to the machine) that his group had discovered weeks earlier and had to work "about a week" to get in... So it was several weeks plus a day plus "minutes"... but Computerworld does not really care for serious journalism, don't you? If anybody makes it into my appartment and to my computer, OS safety is not my major concern.

[jpellino]

",...Apple’s Mac OS X, which lacks workable defenses found in Windows Vista and Windows 7, including address space randomization. Microsoft calls it “address space layout randomization,” or ASLR."
blink
Erm, doesn't Leopard in fact have library randomization?

[TheTSArt]

"Another factor contributing to Safari’s easy pickings, said Miller, is Apple’s Mac OS X, which lacks workable defenses found in Windows Vista and Windows 7, including address space randomization. Microsoft calls it “address space layout randomization,” or ASLR."
Isn't Apple doing something similar to that in Leopard? I could have sworn that ability was listed as one of the features back when it came out.

[phatslacker]

I wonder how much Microsoft pays this guy? As much as they pay Psystar?

[dreyfus]

@jpellino and @TheTSArt
You are both right, Leopard does that, but the implementation is not perfect. Some details can be found here: http://www.matasano....urity-features/ (see the paragraph headed "Address Space Randomization").

[MacTechAspen]

Apple does have Library Randomization:
http://www.apple.com...0.html#security
It makes you wonder about the veracity of his claims.

[Xaqtly]

I love how the article says "breaking into an Apple laptop within minutes of the contest. " That is 100% false. Nobody was able to break into the Mac at all. Ever. At any point. As dreyfus said, it wasn't until they relaxed the rules of the contest on the second day, along with somebody physically sitting in front of the Mac with an admin password, that they were able to get to Safari to find the exploit in the first place.
Even Miller seems to be unaware of the fact that he couldn't hack into the Mac either. Nobody could. Such trash journalism, you'd think they would at least try to get the facts right.

[rab777hp]

JESUS CHRIST- ARE YOU GUYS INSANE! THERE IS NO SUCH THING AS HACKER SAFE. MAC OS X IS JUST LIKE ANYTHING ELSE YOU FANBOYZ- ALL SYSTEMS ARE EQUALLY VULNERABLE! (excluding open-source) MAC'S CAN GET HACKED, THEY GET HACKED, AND HACKING IS A FACT OF LIFE. WHO DO YOU THINK KNOWS BETTER- TECH EXPERTS, OR YOU?

[Moof_in_Charge]

ease off smoking that horse hay rab777hp .... that stuff can kill you.....
You start by saying:
" ALL SYSTEMS ARE EQUALLY VULNERABLE! "
While the article claims that Vista, Windows 7 wont be broken in to! Your beef should be with the article not with the fanboi....
The report is flawed and this is not a fanboi talking! It's being objective in one direction, skimming-over or leaving-out important details while highlighting the poorly surmised conclusion!
Okay Wilbur, we're done here .... giddy yap!

[rab777hp]

That part isn't about the system, it's about the browser, and it's not the article, it's speculation of the interviewee. He says this because they are very secure browsers. And, no offense, but i think he knows more than you.

[jpellino]

Some hack. Telling someone with admin privileges to type in what you tell them to. You haven't pwned the mac, you've pwned the user. Now then. I could take a Mac out of the box, do all software updates done and lock it in the front window of Macy's with a network connection. If you can get it to execute arbitrary code, then you deserve $10,000. But that's not going to happen and Miller knows it. So instead he relies on the next scripting hole (every OS has them) and a shill.

[cabelaj]

Im not hating on Safari. But its been hacked in contest many times. Which makes you wonder if its actually being truelly hacked. Of course IE can get hacked to. I dont care who you are that will argue that. It can get hacked. Its man human made and so it will also be cheated by a human also. I never see articles on IE being hacked. I think its a nature to windows fans to sit there and come up with more issues with apple products and software. I think of microsoft as the cocky company that never wins.

[johndrake]

rab777hp said:

THERE IS NO SUCH THING AS HACKER SAFE. MAC OS X IS JUST LIKE ANYTHING ELSE YOU FANBOYZ- ALL SYSTEMS ARE EQUALLY VULNERABLE!

Ah, the voice of reason! You've convinced me that all these years of reliable and safe use have been a fantasy, going out tomorrow and get me a PC with Vista pre-installed, hope they have the option to get those really neat 5.25" diskettes so I can save my files and stuff, and even an eight-track player to play all my music in the house, my dog STD just loves that music when we go for a ride.
No one on this thread has said the Mac or Safari is not hackable, what they are saying is that the article misrepresent the facts from last years hack. And the facts as posted by several folks here are indeed true. Only after the 'Hacker' was given access to the root and even then with a known flaw at their disposal they had a bit of a go.
So try to not get your shorts in a wad, it shows and makes you walk funny.
Also try to refrain from the yelling and disrespect for other folks here.